bugzilla-daemon at bugzilla.mindrot.org
2016-Mar-19 00:01 UTC
[Bug 2556] New: on Linux non-root process can chroot
https://bugzilla.mindrot.org/show_bug.cgi?id=2556
Bug ID: 2556
Summary: on Linux non-root process can chroot
Product: Portable OpenSSH
Version: 7.1p1
Hardware: Other
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: igor at mir2.org
Currently sshd exits with fatal error if it see ChrootDirectory option
when running as non-root,
https://github.com/openssh/openssh-portable/blob/c38905ba391434834da86abfc988a2b8b9b62477/session.c#L1591
.
This is wrong on Linux as there non-root process can perform chroot as
long as it has SYS_CHROOT effective capability. So the code should
either query the capability or the check should be removed as sshd
treats any chroot syscall errors as fatal in any case.
--
You are receiving this mail because:
You are watching the assignee of the bug.
Possibly Parallel Threads
- [Bug 2533] New: do not check if HostKeyAgent is available on ssdh startup
- [Bug 2534] New: option to get host key list from HostKeyAgent
- OpenSSH + chroot + SELinux = broke
- [Bug 2600] New: Use Linux capabilities to revoke additional permissions from chrooted users
- [Bug 1616] New: root owned empty subdirs are deletable by chroot users
Wisdom of the Ancients
