[PATCH] sftp-server (secure) chroot patch, 3.7.1p2 update
Magnus F
magnus at mandarin.nu
Wed Oct 1 04:00:19 EST 2003
Is it ok now? Must've been my webmail that added those slashes.
--- openssh-3.7.1p2/sftp-server.c.org 2003-08-22 01:34:41.000000000 +0200
+++ openssh-3.7.1p2/sftp-server.c 2003-09-30 17:22:43.730402000 +0200
@@ -24,6 +24,7 @@
#include "includes.h"
RCSID("$OpenBSD: sftp-server.c,v 1.43 2003/06/25 22:39:36 miod Exp $");
+#define CHROOT
#include "buffer.h"
#include "bufaux.h"
#include "getput.h"
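Review bot: The `#define CHROOT` added near the top of the file turns the feature on for every build, and chroot_init() later in this patch calls fatal() when `geteuid() != 0`, so a server built from this source will refuse to start unless the binary is installed setuid root. Installing a file server setuid root for all users is a large increase in privileged code, so this should be an explicit build choice: drop the hard-coded define and let the builder pass `-DCHROOT` in CFLAGS, or wire it to a configure option. A short comment beside the `#ifdef CHROOT` blocks stating the setuid-root installation requirement would also help packagers.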
@@ -33,6 +34,15 @@
#include "sftp.h"
#include "sftp-common.h"
+#ifdef CHROOT
+#include "uidswap.h"
+#include <pwd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <string.h>
+#include <unistd.h>
+#endif /* CHROOT */
+
/* helper */
#define get_int64() buffer_get_int64(&iqueue);
#define get_int() buffer_get_int(&iqueue);
@@ -62,6 +72,49 @@
Attrib attrib;
};
+#ifdef CHROOT
+static void
+chroot_init(void)
+{
+ struct passwd *pw;
+ struct stat st;
+
+ /* Sanity checking before chroot */
+ if ((pw = getpwuid(getuid())) == NULL)
+ fatal("getpwuid failed for %u", (u_int)pw->pw_uid );
+
+ /* Sets passwd pointer to null */
+ memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));
+ endpwent();
+
+ if (geteuid() != 0)
+ fatal("must be SUID root to use chroot feature");
+
+ if ((stat(pw->pw_dir, &st)) == -1)
+ fatal("cannot stat chroot directory %s: %s", pw->pw_dir,
strerror(errno));
+
+ if (!S_ISDIR(st.st_mode))
+ fatal("%s is not a directory: %s", pw->pw_dir, strerror(errno));
+
+ /* Drop our privileges */
+ debug3("chroot user:group %u:%u", (u_int)pw->pw_uid, (u_int)pw->pw_gid);
+
+ /* Change our root directory */
+ if (chroot(pw->pw_dir) == -1)
+ fatal("chroot(\"%s\"): %s", pw->pw_dir, strerror(errno));
+
+ /* Change dir to prevent chroot break */
+ if (chdir("/") == -1)
+ fatal("chdir(\"/\"): %s", strerror(errno));
+
+ if (setgid(pw->pw_gid) < 0)
+ fatal("setgid failed for %u", (u_int)pw->pw_gid );
+
+ permanently_set_uid(pw);
+
+}
+#endif /* CHROOT */
+
static int
errno_to_portable(int unixerrno)
{
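Review bot: The getpwuid() failure branch in chroot_init() dereferences the pointer it has just found to be NULL, because the fatal() argument is `pw->pw_uid`; it should report the id that was looked up, `fatal("getpwuid failed for %u", (u_int)getuid());`. The chroot target is the account's home directory and the only checks are that it exists and is a directory; since the process still holds root privilege at that point, I would also require it to be root-owned and not group- or world-writable before chroot(), e.g. `if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0) fatal("bad ownership or modes for chroot directory %s", pw->pw_dir);`. The `!S_ISDIR` branch prints `strerror(errno)` although no call has failed there, so that message will carry a stale error string and should drop the second argument. The comment "Sets passwd pointer to null" does not match the code, which zeroes the password string in place; `/* Wipe the password hash from the static passwd entry */` would describe it.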
@@ -1028,15 +1081,19 @@
int in, out, max;
ssize_t len, olen, set_size;
+#ifdef DEBUG_SFTP_SERVER
+ log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0);
+#endif
+
+#ifdef CHROOT
+ chroot_init();
+#endif
+
/* XXX should use getopt */
__progname = ssh_get_progname(av[0]);
handle_init();
-#ifdef DEBUG_SFTP_SERVER
- log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0);
-#endif
-
in = dup(STDIN_FILENO);
out = dup(STDOUT_FILENO);
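Review bot: chroot_init() is called at the top of main() before `__progname` is set, and log_init() runs ahead of it only when DEBUG_SFTP_SERVER is defined, so in a normal build any fatal() raised during the chroot or the privilege drop presumably goes through the logger's defaults rather than a configured syslog destination. Those failures are the ones an administrator most needs to see, so I would initialise logging unconditionally before the call, or at least document the ordering with a comment such as `/* chroot and drop privileges before any request handling; fatal() here uses default logging */`. main() begins before and continues past this hunk, so the rest of its startup sequence is not visible here.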
EOF
----- Original Message -----
From: "Ben Lindstrom" <mouring at etoh.eviladmin.org>
To: <magnus at mandarin.nu>
Cc: <openssh-unix-dev at mindrot.org>
Sent: Tuesday, September 30, 2003 5:57 PM
Subject: Re: [PATCH] sftp-server (secure) chroot patch, 3.7.1p2 update
>
>
> On Tue, 30 Sep 2003 magnus at mandarin.nu wrote:
>
> > Hello all,
> >
> > Here is an updated patch. I published the original patch on
> > August 16.
> >
> > --- openssh-3.7.1p2/sftp-server.c.org 2003-08-22 01:34:41.000000000
> > +0200
> > +++ openssh-3.7.1p2/sftp-server.c 2003-09-30 17:22:43.730402000 +0200
> > @@ -24,6 +24,7 @@
> > #include \"includes.h\"
> ^^^^^^^^^^^^^
>
> Your patch is corrupted.
>
> - Ben
>
>