restricted shell

Andy Polyakov appro at fy.chalmers.se
Tue May 1 02:38:15 EST 2001


> > > it's easier if the sftp-server does chroot.

I can't agree more. FYI, here is an elegant way to chroot in a program:

#define _DEFAULT_SOURCE 1 /* glibc: prototypes for setreuid() and chroot() */
#include <errno.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

static int runs_chrooted = 0; /* set once we are inside CHROOT_DIR */

int main (int argc, char **argv)
{ /* main's original declarations */

  if (geteuid() == 0)
  { char *chroot_to=NULL;
    uid_t ruid=getuid();

    if ((chroot_to = getenv("CHROOT_DIR")) != NULL)
    { setreuid(ruid,-1), setreuid(-1,ruid); /* beware the saved uid */
      if (chdir(chroot_to))              exit (errno); /* as user!  */
      if (setreuid(-1,0) || chroot(".")) exit (errno); /* as root!  */
      runs_chrooted = 1;
    }
    setuid (ruid); /* resets *all* uids, no way back */
  }

  /* ... rest of main() as before ... */
  return 0;
}

The beauty is that chdir is performed as the user (thus preventing the user from
chdir-ing to a directory [s]he normally can't chdir to) while chroot is done as
root. Yes, the program has to be set-root-uid, but you can do this as early as the
first thing in main(). getenv("CHROOT_DIR") is only an example... and in
real life one probably wants to print some error message, not just
exit(errno)...

a.
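As an added example (not code from the post above), here is the same chdir-as-user / chroot-as-root sequence packaged as a function that checks every call, reports which step failed instead of calling exit(errno), never leaves a half-dropped process behind on the error path, and then verifies that root is really gone. The function names enter_jail_and_drop, drop_all and root_is_gone are chosen here; the only environment variable assumed is the post's CHROOT_DIR.

```c
/* Added example: chdir() as the real user, chroot(".") as root, then drop
 * all uids.  Names and error-reporting convention are this example's own. */
#define _DEFAULT_SOURCE 1 /* glibc: prototypes for setreuid() and chroot() */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Best-effort: get euid 0 back from the saved uid, then drop everything.
 * Used on error paths so a failed jail never leaves root reachable. */
static void drop_all(uid_t ruid)
{
    (void)setreuid((uid_t)-1, 0);
    (void)setuid(ruid);
}

/* Enter `dir` as a chroot jail (if non-NULL) and drop to the real uid.
 * Returns 0 on success or the errno of the failing step, named in *step.
 * *jailed is 1 once chroot() succeeded.  A process that is not effectively
 * root has nothing to do and gets 0 back. */
static int enter_jail_and_drop(const char *dir, const char **step, int *jailed)
{
    uid_t ruid = getuid();
    int err;

    *jailed = 0;
    *step = "";
    if (geteuid() != 0)
        return 0;                           /* not set-root-uid */

    if (dir != NULL) {
        /* Become the user for chdir(); the saved uid stays 0 so we can
         * return to root for the chroot() call itself. */
        if (setreuid(ruid, (uid_t)-1) != 0 || setreuid((uid_t)-1, ruid) != 0) {
            err = errno; *step = "setreuid(user)"; drop_all(ruid); return err;
        }
        if (chdir(dir) != 0) {              /* fails if the *user* may not enter it */
            err = errno; *step = "chdir"; drop_all(ruid); return err;
        }
        if (setreuid((uid_t)-1, 0) != 0) {  /* back to root from the saved uid */
            err = errno; *step = "setreuid(root)"; drop_all(ruid); return err;
        }
        if (chroot(".") != 0) {             /* cwd is already inside the jail */
            err = errno; *step = "chroot"; drop_all(ruid); return err;
        }
        *jailed = 1;
    }
    if (setuid(ruid) != 0) {                /* euid 0: sets real, effective, saved */
        err = errno; *step = "setuid"; return err;
    }
    return 0;
}

/* After the drop, regaining root must fail.  Returns 1 when the process
 * is an unprivileged user that cannot become root; 0 when real uid is 0
 * (nothing was ever dropped) or root can still be regained. */
static int root_is_gone(void)
{
    if (getuid() == 0)
        return 0;
    return setuid(0) != 0 && geteuid() != 0;
}

int main(void)
{
    const char *step;
    int jailed;
    int err = enter_jail_and_drop(getenv("CHROOT_DIR"), &step, &jailed);

    if (err != 0) {
        fprintf(stderr, "%s failed: %s\n", step, strerror(err));
        return 1;
    }
    printf("chrooted=%d uid=%d euid=%d root_gone=%d\n",
           jailed, (int)getuid(), (int)geteuid(), root_is_gone());
    return 0;
}
```

Run as an unprivileged user the function does nothing and root_is_gone() reports 1; installed set-root-uid with CHROOT_DIR set it prints chrooted=1 and the user's uid for both fields. The sequence depends on the saved uid staying 0 across the two setreuid() calls, which is exactly what the "beware the saved uid" comment in the post is about: that is what makes setreuid(-1,0) possible before chroot(), and it is why the error paths call drop_all() rather than returning with a still-usable saved uid.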



More information about the openssh-unix-dev mailing list