ChrootDirectory on a per key basis

Jefferson Ogata Jefferson.Ogata at
Sat Oct 25 08:55:14 EST 2008

On 2008-10-24 21:18, Chris Wilson wrote:
> On Fri, 24 Oct 2008, Damien Miller wrote:
>> No, letting users chroot to arbitrary directories introduces
>> serious security problems. Think about hard-linking /bin/su into
>> a chroot on the same filesystem where an attacker has filled in
>> a friendly /etc/passwd.
> I thought that the suid bit was a property of the directory entry, not the 
> inode? On what platforms is the suid bit a property of the inode, which 
> would make this exploit possible?

All of them.

The only properties in a directory entry are a name, entry type (regular 
file, directory, block device, etc.), and an inode number.

Jefferson Ogata <Jefferson.Ogata at>
NOAA Computer Incident Response Team (N-CIRT) <ncirt at>
"Never try to retrieve anything from a bear."--National Park Service

More information about the openssh-unix-dev mailing list