chroot directory must be root owned
igoh
groupwest at yahoo.com
Thu Sep 9 17:09:28 EST 2010
Hi Team,
I am just a curious individual user who reviewed the OpenSSH;not working for
a company.
I was just wondering why there is a restriction for chroot directory to be
owned by root. The line of code below in session.c show them.
The basic UNIX security permissions provide a sufficient access control.
Have you guys found a way to bypass security if the directory is not owned
by root?
- * Descend the path, checking that each component is a
- * root-owned directory with strict permissions.
- */
- for (cp = path; cp != NULL;) {
- if ((cp = strchr(cp, '/')) == NULL)
- strlcpy(component, path, sizeof(component));
- else {
- cp++;
- memcpy(component, path, cp - path);
- component[cp - path] = '\0';
- }
-
- debug3("%s: checking '%s'", __func__, component);
-
- if (stat(component, &st) != 0)
- fatal("%s: stat(\"%s\"): %s", __func__,
- component, strerror(errno));
- * if (st.st_uid != 0 || (st.st_mode & 022) != 0)*
- fatal("bad ownership or modes for chroot "
- "directory %s\"%s\"",
- cp == NULL ? "" : "component ", component);
Many Thanks,
Indra G
More information about the openssh-unix-dev
mailing list