ChrootDirectory security
Damien Miller
djm at mindrot.org
Sun Mar 29 19:54:21 EST 2009

On Sat, 28 Mar 2009, Alexander Prinsier wrote:
> Hello,
>
> I've tried many places, finally ending up here to ask my question: why
> is it so vital that the directory used with the ChrootDirectory
> directive is root-owned?
>
> Like many people I'm trying to use this in a webhosting environment
> where several users get sftp-only access to some directory, usually
> something like /home/user/web/part-of-website.
>
> I can be sure that there are no setuid binaries in /home, so that rules
> out some possible vulnerabilities. Could anyone tell me what other
> problems a non-root-owned chroot directory could create?

Basically because having a non-root-user-writable root directory (i.e.
what chroot(2) without a root-ownership test gives you) can be exploited
through setuid programs, and because sshd has no way of determining
whether setuid programs exist in the chroot.
-d
More information about the openssh-unix-dev
mailing list