About setpcred() and chroot()

Xavier Lapie bana at docisland.org
Mon Mar 2 21:52:30 EST 2009


Hi,

I need to use sftp-only accounts, chroot()ed in their home dirs, on AIX 5.3
with OpenSSH_5.2p1.
But there is a problem with the chroot() call.

In the do_setusercontext() function,  chroot() is called after the setpcred()
(only AIX is concerned by the setpcred() call), so privileges are already
dropped when chroot() is called.

When not calling setpcred(), the chroot() does not fail and the privileges
are dropped anyway within the permanently_set_uid() call, just after the
safely_chroot() call.

Is the setpcred() really usefull ? If so, is it called at the right time ?


Best Regards.

-- 
Xavier


More information about the openssh-unix-dev mailing list