openssh bugs - Sep 2006 - [Bug 1235] [PATCH] scp does unnecessary getpwuid(), breaking chroot

http://bugzilla.mindrot.org/show_bug.cgi?id=1235

           Summary: [PATCH] scp does unnecessary getpwuid(), breaking chroot
           Product: Portable OpenSSH
           Version: -current
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: scp
        AssignedTo: bitbucket at mindrot.org
        ReportedBy: m.kooijman at student.utwente.nl
                CC: m.kooijman at student.utwente.nl


When started, scp will always call getpwuid() to retrieve information
about the current user. 

This information is used by scp in "client mode" to determine the
login
name when none has been specified on the command line. scp in "server
mode" (ie, when called with -t or -f) will never use the user
information at all, but still requests it at startup.

Though this is not strictly a bug, it does have some unwanted side
effects. In particular, this creates an added dependency for running
scp inside a chroot jail, since username lookups must be enabled. This
means that the passwd file or the used nss libs should be present
inside the jail, which might not be wanted or possible (in our case).

The attached patch will simply skip the gepwuid() call when scp is
called in "server mode". It has been running in our production
environment for a while now. Though the patch has been created against
OpenSSH 3.8 (FreeBSD 5.4), I've checked the CVS version and nothing
seems to have changed that would break this patch.




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1235





------- Comment #1 from m.kooijman at student.utwente.nl  2006-09-25 10:00
-------
Created an attachment (id=1187)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=1187&action=view)
Patch for scp




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1235


m.kooijman at student.utwente.nl changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
Attachment #1187 is|0                           |1
           obsolete|                            |




------- Comment #2 from m.kooijman at student.utwente.nl  2006-09-25 10:06
-------
Created an attachment (id=1188)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=1188&action=view)
Updated patch

W00ps, the first patch was accidentally reversed. Here's a correct one.




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.