chroot for sftp using unix sockets
ewheeler at kaico.com
Wed May 22 04:10:09 EST 2002
> Re: OpenSSH 3.2.2 released : chroot
> chroot at sshd level requires a sftp-server binary in every chroot target
> and that's not desirable.
You would also need all the libraries necessary to run sftp-server. What
if there were an sftpd which ssh would talk to over a pair of pipes or a unix
socket, to avoid having an sftp-server binary and associated libraries
living in the jail as well? My idea is as follows:
Process:
1. User authenticates and requests the execution of sftp-server.
2. sshd realizes that sftp-server is being executed and connects instead
to some unix socket (/var/run/sftpd? probably 600, owned by root). This
would require some option like this:
    OverideBinaryWithSocket /usr/bin/sftp-server /var/run/sftpd
3. sftpd accepts the AF_UNIX connection, forks a child, chroots, and gives
up root access in favor of the user logging in (this means you never need
to worry about sshd chrooting).
Implementation:
Instead of running the process sftp-server and passing its stdio via the
ssh connection, it would instead connect to the unix socket which would be
controlled by the sftp-server.
My guess is that this could be relatively easy to implement. Just use the
socket for the in/out fd's and add a little socket listening code to
sftp-server. The other option would be to create an sftpd which forks and
exec's sftp-server using sftp-server's stdio as the data to be passed
across the socket -- maybe some type of generic unix socket server would
make more sense to quickly implement than adding code to sftp-server.
I am not sure what this would introduce to the problem, but I could see
it as being a rather useful tool. It would also secure other services
which the server admin wanted to override.
Ideas?
--
Eric Wheeler
Network Administrator
KAICO
20417 SW 70th Ave.
Tualatin, OR 97062
www.kaico.com
Voice: 503.692.5268
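
Steps 2 and 3 of the process described in the message, sketched in C as an added example (not code from the original post or from OpenSSH): a listening AF_UNIX socket that is mode 0600 from the moment it exists, and the chroot-then-drop-root sequence the forked child would run. The function names, the socket path, the jail directory and the uid/gid values are assumptions; the message does not say how sftpd learns which user to become, so the caller supplies uid and gid here.

```c
#define _DEFAULT_SOURCE 1   /* glibc: expose chroot() and setgroups() */
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Step 2 (hypothetical helper): socket file is created 0600, never wider. */
int listen_private(const char *path)
{
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    if (strlen(path) >= sizeof(sa.sun_path)) return -1;
    strcpy(sa.sun_path, path);
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    unlink(path);                       /* remove a stale socket file */
    mode_t old = umask(0177);           /* bind() creates it as 0777 & ~0177 */
    int rc = bind(fd, (struct sockaddr *)&sa, sizeof(sa));
    umask(old);
    if (rc < 0 || listen(fd, 16) < 0) { close(fd); return -1; }
    return fd;
}

/* Step 3 (hypothetical helper), for the forked child: jail, then shed root. */
int jail_and_drop(const char *jail, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) return -1;             /* refuse to stay root */
    if (chdir(jail) < 0 || chroot(".") < 0) return -1;
    if (chdir("/") < 0) return -1;                   /* cwd must be inside jail */
    if (setgroups(1, &gid) < 0) return -1;           /* replace root's supplementary groups */
    if (setgid(gid) < 0 || setuid(uid) < 0) return -1; /* gid first, uid last */
    if (setuid(0) == 0 || setgid(0) == 0) return -1; /* drop must be irreversible */
    return 0;
}

int main(void)
{
    /* Constructed sample values: socket path, jail directory, uid/gid 1000. */
    int fd = listen_private("/tmp/sftpd-example.sock");
    printf("listening fd=%d\n", fd);
    int rc = jail_and_drop("/tmp", 1000, 1000);
    printf("jail_and_drop: %s\n", rc == 0 ? "ok" : "failed (needs root)");
    return fd < 0;
}
```

The order in `jail_and_drop` matters: `chroot()` needs root, so it comes before the uid change, and the group ids are changed while the process can still change them.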