openssh unix dev - Sep 2007 - chroot support for ssh and sftp

List,

I'm current running an older, patched version of OpenSSH with chroot
support (OpenSSH_4.2-chrootsshp1).  It's the chrootssh patch that James
Dennis has been providing.  I checked back lately and found that even
with the portable OpenSSH source currently at 4.7p1, James doesn't have
anything newer than 4.5p1.  I'd like to upgrade so I tried my hand at
implementing the patch in the 4.7p1 source.  Everything compiles just
fine and I even get a successful chroot for ssh sessions.  My problem is
that calls to the sftp-server subsystem fail miserably (and quietly).
Even with debugging turned on in the server and client, I still can't
get any decent output to start troubleshooting.

My questions are two-fold, then:

1. Are there plans to support chroot()'ing in the portable source?
2. What other chroot options are there available for the portable source
(I've seen Damien Miller's patch for OpenBSD, but I don't really
have
any experience coding in C)?

Ryan Frantz
Senior System Engineer
InforMed, LLC
410-972-2025 x2131
ryanfrantz at informed-llc.com

On Sat, 22 Sep 2007, Ryan Frantz wrote:
> 1. Are there plans to support chroot()'ing in the portable source?
I'd like to, but doing chroot safely is quite tricky - there are all sorts
of small corner cases that can make it quite unsafe. I have been working
on it a little recently, but I'm not sure that it will make the 4.8
release.
> 2. What other chroot options are there available for the portable source
> (I've seen Damien Miller's patch for OpenBSD, but I don't
really have
> any experience coding in C)?
There are no chroot patches that I'd recommend for general use at the
moment.

-d