chroot for sftp using unix sockets

ewheeler at ewheeler at
Wed May 22 04:10:09 EST 2002

> Re: OpenSSH 3.2.2 released : chroot
> chroot at sshd level requires a sftp-server binary in every chroot target
> and that's not desirable.

You would also need all the libraries necessary to run sftp-server.  What
if there were an sftpd which ssh would talk over a pair of pipes or unix
socket to to avoid having an sftp-server binary and associated libraries
living in the jail as well?  My idea is as follows:


1. User authenticates and requests the execution of sftp-server.

2. sshd realizes that sftp-server is being executed and connects instead
to some unix socket (/var/run/sftpd? probably 600, owned by root). This
would require some option like this:

OverideBinaryWithSocket /usr/bin/sftp-server /var/run/sftpd

3. sftpd accepts the AF_UNIX connection, forks a child, chroots, and gives
up root access in favor of the user logging in (this means you never need
to worry about sshd chrooting).


Instead of running the process sftp-server and passing it's stdio via the
ssh connection, it would instead connect to the unix socket which would be
controlled by the sftp-server.  

My guess is that this could be relatively easy to implement.  Just use the
socket for the in/out fd's and add a little socket listening code to
sftp-server.  The other option would be to create an sftpd which forks and
exec's sftp-server using sftp-server's stdio as the data to be passed
across the socket -- maybe some type of generic unix socket server would
make more sense to quickly implement than adding code to sftp-server.

I am not sure what this would introduce to the problem, but it could see
it as being a rather usefull tool.  It would also secure other services
which the server admin wanted to override.



Eric Wheeler
Network Administrator
20417 SW 70th Ave.
Tualatin, OR 97062
Voice: 503.692.5268

More information about the openssh-unix-dev mailing list