[Bug 2556] New: on Linux non-root process can chroot
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Sat Mar 19 11:01:38 AEDT 2016
https://bugzilla.mindrot.org/show_bug.cgi?id=2556
Bug ID: 2556
Summary: on Linux non-root process can chroot
Product: Portable OpenSSH
Version: 7.1p1
Hardware: Other
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: igor at mir2.org
Currently sshd exits with fatal error if it see ChrootDirectory option
when running as non-root,
https://github.com/openssh/openssh-portable/blob/c38905ba391434834da86abfc988a2b8b9b62477/session.c#L1591
.
This is wrong on Linux as there non-root process can perform chroot as
long as it has SYS_CHROOT effective capability. So the code should
either query the capability or the check should be removed as sshd
treats any chroot syscall errors as fatal in any case.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list