sftp-server and chroot

Jonas Lehmann dalco_lehmann at hotmail.com
Fri Dec 28 05:24:09 EST 2001


Thanks Dan.  I agree with you.  I wouldn't use either yet, either.

I did look at attempting to fix some of the obvious shortcomings you easily 
and quickly detected.

The chroot($HOME) problem I had underestimated.  I knew that a user with 
shell access could set his $HOME and then run /bin/sftpsh.  I tried that and 
it certainly worked.  But, I falsely assumed that by exec'ing the 
sftp-server the security risk to the system would be minimal.  But, I'm most 
likely just naive.

I added a success check to chdir() to make sure that worked.

I'm interested in (maybe not appropriate for newsgroup) why the setreuid() 
and success checking is not sufficient after chroot().

To remove the risk of $HOME exploits, I changed the sample program to use 
getpwent() instead of getenv("HOME").  I'm sure this is not great either.  I 
know that a user's home directory may not be secure in itself but I 
conceptually like the simplicity of working with home directories.


Appreciate your feedback,
-Jonas



>From: Dan Astoorian <djast at cs.toronto.edu>
>To: "Jonas Lehmann" <dalco_lehmann at hotmail.com>
>CC: openssh-unix-dev at mindrot.org
>Subject: Re: sftp-server and chroot
>Date: Thu, 27 Dec 2001 10:18:19 -0500

>This program lets any user on the system chroot() to an arbitrary
>directory under the user's control by setting the HOME environment
>variable.

>Also:
>- the program doesn't check whether the chdir() after the chroot is
>   successful;
>- the code which attempts to reset the uid/gids has a number of
>   problems, which I won't go into here.


>Dan Astoorian               People shouldn't think that it's better to have
>Sysadmin, CSLab             loved and lost than never loved at all.  It's
>djast at cs.toronto.edu        not, it's better to have loved and won.  All
>www.cs.toronto.edu/~djast/  the other options really suck.    --Dan Redican
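The sequence a chroot wrapper like /bin/sftpsh needs before exec'ing sftp-server, written as an added example for this thread (not Jonas's program and not OpenSSH code). It assumes the wrapper runs as root, takes the uid/gid and home directory from the passwd database (getpwuid here, a stand-in for the getpwent() approach in the post) rather than getenv("HOME"), and refuses a jail root that is not root-owned or is group/other writable; the names check_jail_dir, home_from_passwd and enter_jail are mine.

```c
/* Added example, not the wrapper discussed in the thread. Assumes the caller
 * is root and that uid/gid come from the passwd database, not from $HOME. */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Reject a jail directory the user could control: relative path, missing,
 * not a directory, not owned by root, or writable by group/other. */
int check_jail_dir(const char *path) {
    struct stat st;
    if (path == NULL || path[0] != '/') return -1;
    if (stat(path, &st) != 0) return -1;
    if (!S_ISDIR(st.st_mode)) return -1;
    if (st.st_uid != 0) return -1;
    if (st.st_mode & (S_IWGRP | S_IWOTH)) return -1;
    return 0;
}

/* Look the home directory up in the passwd database instead of using
 * getenv("HOME"), so a shell user cannot point the wrapper anywhere. */
const char *home_from_passwd(uid_t uid) {
    struct passwd *pw = getpwuid(uid);
    return pw ? pw->pw_dir : NULL;
}

/* chroot, chdir("/") inside the jail, then drop all privilege, checking
 * every step. Returns -1 on the first failure so the caller never execs. */
int enter_jail(const char *dir, uid_t uid, gid_t gid) {
    if (check_jail_dir(dir) != 0) return -1;
    if (chroot(dir) != 0) return -1;
    if (chdir("/") != 0) return -1;          /* the unchecked step in the thread */
    if (setgroups(0, NULL) != 0) return -1;  /* drop supplementary groups first */
    if (setgid(gid) != 0) return -1;         /* gid before uid, or setgid fails */
    if (setuid(uid) != 0) return -1;
    /* Verify the drop is permanent: regaining root must now fail. */
    if (uid != 0 && setuid(0) == 0) return -1;
    if (getuid() != uid || geteuid() != uid) return -1;
    return 0;
}

int main(void) {
    const char *home = home_from_passwd(getuid());
    if (home == NULL) { fprintf(stderr, "no passwd entry\n"); return 1; }
    printf("jail dir check for %s: %d\n", home, check_jail_dir(home));
    return 0;
}
```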



