feature request & patch submit: chroot(2) in sshd
Hank Leininger
openssh-unix-dev at progressive-comp.com
Sun Oct 29 17:52:58 EST 2000
On 2000-10-24, Birger Toedtmann <birger at takatukaland.de> wrote:
> Below is a tiny patch to 2.2.0p1 which enhances the sshd-config
> by two options and, when set, places all users / users of a certain group
> immediately in their sandbox.
Cool. Hm...
> + /* Do a chroot, if configured. */
> + if (options.use_chroot) {
> + if ((!options.chroot_group)
> + || (options.chroot_group ==pw->pw_gid)) {
> + debug("Doing chroot to %s.",pw->pw_dir); +
> + if (chroot(pw->pw_dir)) {
> + log("Requested chroot failed: [%d] %s\n",
> + errno,strerror(errno));
> + exit(1);
> + }
> + pw->pw_dir = "/";
> + }
> + }
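Review bot: The group test '(options.chroot_group ==pw->pw_gid)' compares only the user's primary gid, so a user who holds the configured group as a supplementary group is not chrooted. The '!options.chroot_group' test also uses 0 as the "not set" value, which means gid 0 can never be named as the chroot group. Suggest either documenting that the option matches the primary group only or checking the user's full group list, and tracking "unset" with a separate flag or a sentinel that is not a valid gid.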
Aren't you missing a 'chdir("/")' in there? Else you leak '.' outside the
chroot jail. (Unless a chdir is guaranteed to be done between here, and
when user processes get control?)
--
Hank Leininger <hlein at progressive-comp.com>
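The working-directory point raised in the reply above, as an added C example that is not part of the original message or of the OpenSSH patch: chroot() is followed immediately by chdir("/"), and a forked child checks from inside that its working directory is the new root. The names enter_jail and jail_selftest, the result codes, and the /tmp sample directory are assumptions made for this illustration.

```c
#define _DEFAULT_SOURCE /* exposes chroot() in glibc headers */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

enum { JAIL_OK = 0, JAIL_NOPRIV = 1, JAIL_FAIL = 2, JAIL_LEAK = 3 };

/* Hypothetical helper: change root and leave no working directory outside it.
 * Returns 0 on success, -1 with errno set on failure. */
int enter_jail(const char *dir)
{
    if (chroot(dir) != 0)
        return -1;
    /* chroot() does not move the working directory; without this "." still names the old one. */
    if (chdir("/") != 0)
        return -1;
    return 0;
}

/* Run enter_jail() in a child so the caller's own root is untouched, then
 * confirm from inside that the working directory is the jail root. */
int jail_selftest(const char *dir)
{
    pid_t pid = fork();
    if (pid < 0)
        return JAIL_FAIL;
    if (pid == 0) {
        char cwd[64];
        if (enter_jail(dir) != 0)
            _exit(errno == EPERM ? JAIL_NOPRIV : JAIL_FAIL);
        if (getcwd(cwd, sizeof cwd) == NULL || strcmp(cwd, "/") != 0)
            _exit(JAIL_LEAK); /* cwd is not the new root */
        _exit(JAIL_OK);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return JAIL_FAIL;
    return WEXITSTATUS(status);
}

int main(void)
{
    int r = jail_selftest("/tmp"); /* constructed sample jail directory */
    printf("jail_selftest: %d\n", r);
    return (r == JAIL_OK || r == JAIL_NOPRIV) ? 0 : 1;
}
```

Run without the privilege to call chroot(), the self-test reports JAIL_NOPRIV rather than a failure.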