[PATCH] improved chroot handling
Luc I. Suryo
luc at suryo.com
Thu Jun 27 10:20:45 EST 2002
Luc I. Suryo <luc at suryo.com>
wrote at Wed, Jun 26, 2002 at 07:03:30PM -0500:
>
> Tony Finch <dot at dotat.at>
> wrote at Thu, Jun 27, 2002 at 12:23:14AM +0100:
>
> > On Wed, Jun 26, 2002 at 06:17:47PM -0500, Luc I. Suryo wrote:
> > >
> > > it is maybe me but the code:
> > >
> > > char emptydir[] = "/var/tmp/sshd.XXXXXXXXXX";
> > >
> > > is hard coded...and we want to use what is defined by
> > >
> > > _PATH_PRIVSEP_CHROOT_DIR
> > >
> > > yes?
> >
> > Why? The point is to make _PATH_PRIVSEP_CHROOT_DIR unnecessary.
>
> there may be ppl out there that want to make the path somewhere else....
> I personally do like hardcoded things like that .... but that is just me.
typo :) ... I personally do *not* like hardcoded
why: if the location is not known to the public, it may be an extra
security .... and how about if the directory is randomized? (well under
/var/......maybe /var/spool/sshd/run-${pid}-(randomized value)
>
> >
> > > and should not one make sure that there is no overflow in
> > > emptydir??? malloc/free/strlen and that kind of stuff
> >
> > I suggest you have a look at the manual page for mkdtemp().
> Sure openssh tests for mkdtemp and on some systems there is NO mkdtemp
> like under Solaris ... I looked into openbsd-compat/mktemp.c
> But again I still prefer to do overflow check before calling mkdtemp
> as what if an OS does have mkdtemp but the implementation is broken ....
>
> and one more thing ... :) chdir("/") shouldn't one first test if the
> location (current dir) is where we want to be .....
>
again my 25c....
--
Kind regards,
Luc Suryo
More information about the openssh-unix-dev mailing list
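
Added example, not part of the original message and not OpenSSH code: a C sketch of the checks raised in this thread, namely bounds-checking the mkdtemp() template built from a configurable base directory, re-verifying the directory that was created, and confirming the working directory after chroot(). The names PRIVSEP_BASE, make_empty_dir and enter_chroot are assumptions made for illustration.

```c
/* Added example; PRIVSEP_BASE and both function names are assumptions. */
#define _DEFAULT_SOURCE 1
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define PRIVSEP_BASE "/tmp"   /* assumed configurable base, not OpenSSH's */

/* Build "<base>/sshd.XXXXXXXXXX" in out, refusing to truncate, then let
 * mkdtemp() pick the random name. Returns 0 on success, -1 on failure. */
int make_empty_dir(const char *base, char *out, size_t outlen)
{
    struct stat st;
    int n = snprintf(out, outlen, "%s/sshd.XXXXXXXXXX", base);

    if (n < 0 || (size_t)n >= outlen)   /* template would not fit */
        return -1;
    if (mkdtemp(out) == NULL)           /* creates the directory mode 0700 */
        return -1;
    /* Re-check what we got: a real directory, ours, no group/other access. */
    if (lstat(out, &st) != 0 || !S_ISDIR(st.st_mode) ||
        st.st_uid != geteuid() || (st.st_mode & 077) != 0) {
        rmdir(out);
        return -1;
    }
    return 0;
}

/* Enter the jail and confirm the working directory really is "/".
 * Needs root; returns 0 on success, -1 on any failure. */
int enter_chroot(const char *dir)
{
    char cwd[8];

    if (chdir(dir) != 0 || chroot(".") != 0 || chdir("/") != 0)
        return -1;
    if (getcwd(cwd, sizeof cwd) == NULL || strcmp(cwd, "/") != 0)
        return -1;
    return 0;
}

int main(void)
{
    char dir[64];

    if (make_empty_dir(PRIVSEP_BASE, dir, sizeof dir) != 0)
        return 1;
    printf("created %s\n", dir);
    return rmdir(dir) != 0;
}
```

enter_chroot() is not exercised by main() because chroot() requires root; a caller would treat a -1 return as fatal and exit before dropping privileges.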