About setpcred() and chroot()
Xavier Lapie
bana at docisland.org
Mon Mar 2 21:52:30 EST 2009
Hi,
I need to use sftp-only accounts, chroot()ed in their home dirs, on AIX 5.3
with OpenSSH_5.2p1.
But there is a problem with the chroot() call.
In the do_setusercontext() function, chroot() is called after the setpcred()
(only AIX is concerned by the setpcred() call), so privileges are already
dropped when chroot() is called.
When not calling setpcred(), the chroot() does not fail and the privileges
are dropped anyway within the permanently_set_uid() call, just after the
safely_chroot() call.
Is the setpcred() really usefull ? If so, is it called at the right time ?
Best Regards.
--
Xavier
More information about the openssh-unix-dev
mailing list