magnus at mandarin.nu
2003-Sep-30 15:43 UTC
[PATCH] sftp-server (secure) chroot patch, 3.7.1p2 update
Hello all, Here is an updated patch. I published the original patch published on august 16. --- openssh-3.7.1p2/sftp-server.c.org 2003-08-22 01:34:41.000000000 +0200 +++ openssh-3.7.1p2/sftp-server.c 2003-09-30 17:22:43.730402000 +0200 @@ -24,6 +24,7 @@ #include \"includes.h\" RCSID(\"$OpenBSD: sftp-server.c,v 1.43 2003/06/25 22:39:36 miod Exp $\"); +#define CHROOT #include \"buffer.h\" #include \"bufaux.h\" #include \"getput.h\" @@ -33,6 +34,15 @@ #include \"sftp.h\" #include \"sftp-common.h\" +#ifdef CHROOT +#include \"uidswap.h\" +#include <pwd.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <string.h> +#include <unistd.h> +#endif /* CHROOT */ + /* helper */ #define get_int64() buffer_get_int64(&iqueue); #define get_int() buffer_get_int(&iqueue); @@ -62,6 +72,49 @@ Attrib attrib; }; +#ifdef CHROOT +static void +chroot_init(void) +{ + struct passwd *pw; + struct stat st; + + /* Sanity checking before chroot */ + if ((pw = getpwuid(getuid())) == NULL) + fatal(\"getpwuid failed for %u\", (u_int)pw->pw_uid ); + + /* Sets passwd pointer to null */ + memset(pw->pw_passwd, 0, strlen(pw->pw_passwd)); + endpwent(); + + if (geteuid() != 0) + fatal(\"must be SUID root to use chroot feature\"); + + if ((stat(pw->pw_dir, &st)) == -1) + fatal(\"cannot stat chroot directory %s: %s\", pw->pw_dir, strerror(errno)); + + if (!S_ISDIR(st.st_mode)) + fatal(\"%s is not a directory: %s\", pw->pw_dir, strerror(errno)); + + /* Drop our privileges */ + debug3(\"chroot user:group %u:%u\", (u_int)pw->pw_uid, (u_int)pw->pw_gid); + + /* Change our root directory */ + if (chroot(pw->pw_dir) == -1) + fatal(\"chroot(\\\"%s\\\"): %s\", pw->pw_dir, strerror(errno)); + + /* Change dir to prevent chroot break */ + if (chdir(\"/\") == -1) + fatal(\"chdir(\\\"/\\\"): %s\", strerror(errno)); + + if (setgid(pw->pw_gid) < 0) + fatal(\"setgid failed for %u\", (u_int)pw->pw_gid ); + + permanently_set_uid(pw); + +} +#endif /* CHROOT */ + static int errno_to_portable(int unixerrno) { @@ -1028,15 +1081,19 @@ int in, out, max; ssize_t len, olen, set_size; +#ifdef DEBUG_SFTP_SERVER + log_init(\"sftp-server\", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0); +#endif + +#ifdef CHROOT + chroot_init(); +#endif + /* XXX should use getopt */ __progname = ssh_get_progname(av[0]); handle_init(); -#ifdef DEBUG_SFTP_SERVER - log_init(\"sftp-server\", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0); -#endif - in = dup(STDIN_FILENO); out = dup(STDOUT_FILENO); To apply this patch on OpenSSH 3.7.1p2: - patch -p0 < sftp-server.patch - edit Makefile and include uidswap.o in sftp-server - make sftp-server - copy sftp-server into your chroot and set u+s Any problems with it, please share, works ok for me on Solaris 8. Regards Magnus
Ben Lindstrom
2003-Sep-30 15:57 UTC
[PATCH] sftp-server (secure) chroot patch, 3.7.1p2 update
On Tue, 30 Sep 2003 magnus at mandarin.nu wrote:> Hello all, > > Here is an updated patch. I published the original patch published on > august 16. > > --- openssh-3.7.1p2/sftp-server.c.org 2003-08-22 01:34:41.000000000 > +0200 > +++ openssh-3.7.1p2/sftp-server.c 2003-09-30 17:22:43.730402000 +0200 > @@ -24,6 +24,7 @@ > #include \"includes.h\"^^^^^^^^^^^^^ Your patch is corrupted. - Ben