Priv Sep SSH has / as CWD

Damien Miller djm at
Mon Feb 15 08:10:34 EST 2010

On Sun, 14 Feb 2010, Jon Kibler wrote:

> Hash: SHA1
> Hi,
> This may or may not be a bug. However, it is DEFINITELY NOT how I would
> expect and want to see sshd work!
> If you run lsof against sshd on a privilege separated user, it shows
> that sshd's CWD is /. I would hope that the CWD would be at a minimum
> /var/empty/sshd and I would really have thought it would be something
> along the lines of /var/empty/sshd/USER. (In fact, lsof does not show
> any references to /var/empty... which I assume means that it is only
> referenced during startup??)

cwd is relative to the chroot directory. Remember what chroot does?

> I also noticed that the listener sshd also has / as its CWD. I would
> have thought that it would have had ~root or /var/run as its CWD to
> prevent core files from being left in / where it may be possible for
> someone to find and pursue those files.

chdir(/) is the normal behaviour of daemon programs. If your system writes
.core files with world-readable permissions then your have bigger problems. 


More information about the openssh-unix-dev mailing list