chroot sftp-server [PATCH]

Andrew Bartlett abartlet at pcug.org.au
Fri May 25 23:10:23 EST 2001


mouring at etoh.eviladmin.org wrote:
> 
> On Fri, 25 May 2001, Andrew Bartlett wrote:
> 
> > Damien Miller wrote:
> > >
> > > On Fri, 25 May 2001, Andrew Bartlett wrote:
> > >
> > > > Is there any way of making this work?  This is the method I much prefer,
> > > > and was looking at implementing a while ago.  I'm glad somebody's taken a
> > > > stab at it.
> > > >
> > > > I run SFTP specifically because it does not require a ROOT daemon (apart
> > > > from OpenSSH, which I run already) nor does it require a set-uid
> > > > binary.  Hence my interest in this patch.
> > >
> > > I am not too fussed about a setuid sftp-server, so long as it does
> > > chdir, chroot, setuid as its first actions. IMO this is preferable
> > > to patch-checking schemes which introduce complexity and may be
> > > possible to fool.
> > >
> >
> That is my main concern also.  However, I don't think that the patch I'm
> working on introduces that much complexity.  And as long as 'realpath()'
> does its job then it should be fairly secure.

I like it.  And the patch looks pretty sane to me.

> 
> > Unfortunately it would (if I understand it correctly) break things like
> > symbolic links, if they were so unfortunate as to be absolute, rather
> > than relative, would it not?
> >
> > For example, I have a 'shared folder' system that uses links from
> > ~/groupname to /home/groups/groupname.  I was intending to restrict my
> > users to files under /home with a patch like this, as it seemed the best
> > solution.
> >
> 
> It really depends on how your OS handles symlinks.  In the symlink tests I
> did linking /tmp to ~/tmp I found that I could not cd ~/tmp because it
> happened to be a soft link and realpath() resolved it correctly and it was
> denied.
> 
> - Ben

Excellent.  My concern was what an absolute symlink would do with the
chroot ideas that were floating about, as directories would no longer be
in the same place...

Keep up the good work,

Andrew Bartlett

-- 
Andrew Bartlett
abartlet at pcug.org.au
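
The realpath() containment check discussed in this thread, including the absolute-symlink case, as an added example that is not the patch under discussion and not OpenSSH code. The function names and the temp-directory layout are constructed for illustration.

```c
#define _XOPEN_SOURCE 700   /* realpath(), mkdtemp(), symlink() */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if path, once realpath() has resolved symlinks and "..", is root or
 * lies beneath it; 0 otherwise, including when either cannot be resolved.
 * The answer describes the filesystem at the moment of the call only. */
int path_within_root(const char *root, const char *path)
{
    char rroot[PATH_MAX], rpath[PATH_MAX];
    size_t n;
    if (!realpath(root, rroot) || !realpath(path, rpath))
        return 0;                   /* fail closed */
    n = strlen(rroot);
    if (n == 1)                     /* root resolved to "/" */
        return 1;
    if (strncmp(rroot, rpath, n) != 0)
        return 0;
    /* Component boundary: ".../home2" must not pass as ".../home". */
    return rpath[n] == '\0' || rpath[n] == '/';
}

/* Constructed layout in a fresh temp dir: home/ (allowed root), home/docs/,
 * home2/, outside/, and home/tmp, an absolute symlink to outside/.
 * Returns a bitmask: bit0 docs, bit1 tmp, bit2 home2 allowed; -1 on error. */
int demo(void)
{
    char b[] = "/tmp/sftprootXXXXXX", p[5][PATH_MAX];
    const char *leaf[5] = { "home", "home/docs", "home2", "outside", "home/tmp" };
    int i, mask;
    if (!mkdtemp(b))
        return -1;
    for (i = 0; i < 5; i++) {
        snprintf(p[i], sizeof p[i], "%s/%s", b, leaf[i]);
        if (i < 4 ? mkdir(p[i], 0700) : symlink(p[3], p[4]))
            return -1;
    }
    mask = path_within_root(p[0], p[1]) | path_within_root(p[0], p[4]) << 1
         | path_within_root(p[0], p[2]) << 2;
    unlink(p[4]);
    for (i = 3; i >= 0; i--)
        rmdir(p[i]);
    rmdir(b);
    return mask;
}
int main(void) { printf("allowed mask: %d\n", demo()); return 0; }
```

Only the real subdirectory is allowed: the symlink is judged by where it resolves to, and the sibling directory whose name merely shares the root's prefix is rejected by the boundary test.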



More information about the openssh-unix-dev mailing list