magnus at mandarin.nu
2003-Sep-30 15:43 UTC
[PATCH] sftp-server (secure) chroot patch, 3.7.1p2 update
Hello all,
Here is an updated patch. I published the original patch published on
august 16.
--- openssh-3.7.1p2/sftp-server.c.org 2003-08-22 01:34:41.000000000
+0200
+++ openssh-3.7.1p2/sftp-server.c 2003-09-30 17:22:43.730402000 +0200
@@ -24,6 +24,7 @@
#include \"includes.h\"
RCSID(\"$OpenBSD: sftp-server.c,v 1.43 2003/06/25 22:39:36 miod Exp
$\");
+#define CHROOT
#include \"buffer.h\"
#include \"bufaux.h\"
#include \"getput.h\"
@@ -33,6 +34,15 @@
#include \"sftp.h\"
#include \"sftp-common.h\"
+#ifdef CHROOT
+#include \"uidswap.h\"
+#include <pwd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <string.h>
+#include <unistd.h>
+#endif /* CHROOT */
+
/* helper */
#define get_int64() buffer_get_int64(&iqueue);
#define get_int() buffer_get_int(&iqueue);
@@ -62,6 +72,49 @@
Attrib attrib;
};
+#ifdef CHROOT
+static void
+chroot_init(void)
+{
+ struct passwd *pw;
+ struct stat st;
+
+ /* Sanity checking before chroot */
+ if ((pw = getpwuid(getuid())) == NULL)
+ fatal(\"getpwuid failed for %u\", (u_int)pw->pw_uid );
+
+ /* Sets passwd pointer to null */
+ memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));
+ endpwent();
+
+ if (geteuid() != 0)
+ fatal(\"must be SUID root to use chroot feature\");
+
+ if ((stat(pw->pw_dir, &st)) == -1)
+ fatal(\"cannot stat chroot directory %s: %s\", pw->pw_dir,
strerror(errno));
+
+ if (!S_ISDIR(st.st_mode))
+ fatal(\"%s is not a directory: %s\", pw->pw_dir,
strerror(errno));
+
+ /* Drop our privileges */
+ debug3(\"chroot user:group %u:%u\", (u_int)pw->pw_uid,
(u_int)pw->pw_gid);
+
+ /* Change our root directory */
+ if (chroot(pw->pw_dir) == -1)
+ fatal(\"chroot(\\\"%s\\\"): %s\", pw->pw_dir,
strerror(errno));
+
+ /* Change dir to prevent chroot break */
+ if (chdir(\"/\") == -1)
+ fatal(\"chdir(\\\"/\\\"): %s\", strerror(errno));
+
+ if (setgid(pw->pw_gid) < 0)
+ fatal(\"setgid failed for %u\", (u_int)pw->pw_gid );
+
+ permanently_set_uid(pw);
+
+}
+#endif /* CHROOT */
+
static int
errno_to_portable(int unixerrno)
{
@@ -1028,15 +1081,19 @@
int in, out, max;
ssize_t len, olen, set_size;
+#ifdef DEBUG_SFTP_SERVER
+ log_init(\"sftp-server\", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH,
0);
+#endif
+
+#ifdef CHROOT
+ chroot_init();
+#endif
+
/* XXX should use getopt */
__progname = ssh_get_progname(av[0]);
handle_init();
-#ifdef DEBUG_SFTP_SERVER
- log_init(\"sftp-server\", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH,
0);
-#endif
-
in = dup(STDIN_FILENO);
out = dup(STDOUT_FILENO);
To apply this patch on OpenSSH 3.7.1p2:
- patch -p0 < sftp-server.patch
- edit Makefile and include uidswap.o in sftp-server
- make sftp-server
- copy sftp-server into your chroot and set u+s
Any problems with it, please share, works ok for me on Solaris 8.
Regards
Magnus
Ben Lindstrom
2003-Sep-30 15:57 UTC
[PATCH] sftp-server (secure) chroot patch, 3.7.1p2 update
On Tue, 30 Sep 2003 magnus at mandarin.nu wrote:> Hello all, > > Here is an updated patch. I published the original patch published on > august 16. > > --- openssh-3.7.1p2/sftp-server.c.org 2003-08-22 01:34:41.000000000 > +0200 > +++ openssh-3.7.1p2/sftp-server.c 2003-09-30 17:22:43.730402000 +0200 > @@ -24,6 +24,7 @@ > #include \"includes.h\"^^^^^^^^^^^^^ Your patch is corrupted. - Ben