chroot directory must be root owned

igoh groupwest at yahoo.com
Thu Sep 9 17:09:28 EST 2010


Hi Team,

I am just a curious individual user who reviewed the OpenSSH;not working for
a company.
I was just wondering why there is a restriction for chroot directory to be
owned by root. The line of code below in session.c show them.
The basic UNIX security permissions provide a sufficient access control.
Have you guys found a way to bypass security if the directory is not owned
by root?


-        * Descend the path, checking that each component is a
-        * root-owned directory with strict permissions.
-        */
-       for (cp = path; cp != NULL;) {
-               if ((cp = strchr(cp, '/')) == NULL)
-                       strlcpy(component, path, sizeof(component));
-               else {
-                       cp++;
-                       memcpy(component, path, cp - path);
-                       component[cp - path] = '\0';
-               }
-
-               debug3("%s: checking '%s'", __func__, component);
-
-               if (stat(component, &st) != 0)
-                       fatal("%s: stat(\"%s\"): %s", __func__,
-                           component, strerror(errno));
-            *   if (st.st_uid != 0 || (st.st_mode & 022) != 0)*
-                       fatal("bad ownership or modes for chroot "
-                           "directory %s\"%s\"",
-                           cp == NULL ? "" : "component ", component);


Many Thanks,
Indra G


More information about the openssh-unix-dev mailing list