Under "ChrootDirectory" there is a line that says, "This path, and all its components, must be root-owned directories that are not writable by any other user or group." When I first read this "all its components" seemed to mean that all directories and files within this directory must be root owned and root only writable. This seemed odd as I would not be able to allow uploads if this was true. In this ChrootDirectory I have three folders. I set them all to be owned by a non root user and writable by a group. When I log in, it works just as I hoped and I am able to upload now. I would have figured at the very least that "all its components" would mean that direct children of the ChrootDirectory would have to have the above mentioned restrictions. However, it did work. So my question is... what is meant by "all its components"?
Quoth Robert Waite:> > Under "ChrootDirectory" there is a line that says, > > "This path, and all its components, must be root-owned directories > that are not writable by any other user or group." > > When I first read this "all its components" seemed to mean that > all directories and files within this directory must be root owned > and root only writable. This seemed odd as I would not be able > to allow uploads if this was true. > > In this ChrootDirectory I have three folders. I set them all to be > owned by a non root user and writable by a group. When I log in, it > works just as I hoped and I am able to upload now. > I would have figured at the very least that "all its components" would > mean that direct children of the ChrootDirectory would have to havethe> above mentioned restrictions. However, it did work. > > So my question is... what is meant by "all its components"?[[SAN]] If the chrooted path is /a/b/c/d/e, the all of /a, /a/b, /a/b/c, /a/b/c/d, and /a/b/c/d/e must be owned by root, and only root writable. Otherwise, it's possible to spoof, by $EVILUSER renaming /a/b/c to /a/b/c.real and putting their own evil /a/b/c in place. I did this once (with management permission), when we needed root access to a system, the admin wasn't available, and he'd foolishly left / as world writeable. I renamed /etc, created a new /etc with a dummy /etc/passwd, and logged in as root. Ugly, and should never have been possible, but it worked.
all components of the pathname On Thu, Nov 05, 2009 at 02:38:05PM -0500, Robert Waite wrote:> Under "ChrootDirectory" there is a line that says, > > "This path, and all its components, must be root-owned directories > that are not writable by any other user or group." > > When I first read this "all its components" seemed to mean that > all directories and files within this directory must be root owned > and root only writable. This seemed odd as I would not be able > to allow uploads if this was true. > > In this ChrootDirectory I have three folders. I set them all to be > owned by a non root user and writable by a group. When I log in, it > works just as I hoped and I am able to upload now. > I would have figured at the very least that "all its components" would > mean that direct children of the ChrootDirectory would have to have the > above mentioned restrictions. However, it did work. > > So my question is... what is meant by "all its components"? > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev at mindrot.org > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Ah ha! I got ya. Makes perfect sense now. I had showed it to an admin and also an old school linux kernel hacker and both were confused as well. Thanks for the quick response (to Scott as well)! On Thu, Nov 5, 2009 at 2:53 PM, Markus Friedl <markus.r.friedl at arcor.de>wrote:> all components of the pathname > > On Thu, Nov 05, 2009 at 02:38:05PM -0500, Robert Waite wrote: > > Under "ChrootDirectory" there is a line that says, > > > > "This path, and all its components, must be root-owned directories > > that are not writable by any other user or group." > > > > When I first read this "all its components" seemed to mean that > > all directories and files within this directory must be root owned > > and root only writable. This seemed odd as I would not be able > > to allow uploads if this was true. > > > > In this ChrootDirectory I have three folders. I set them all to be > > owned by a non root user and writable by a group. When I log in, it > > works just as I hoped and I am able to upload now. > > I would have figured at the very least that "all its components" would > > mean that direct children of the ChrootDirectory would have to have the > > above mentioned restrictions. However, it did work. > > > > So my question is... what is meant by "all its components"? > > _______________________________________________ > > openssh-unix-dev mailing list > > openssh-unix-dev at mindrot.org > > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev >
Maybe Matching Threads
- [Bug 2289] New: arandom(4) as documented in sshd_config(5)’s ChrootDirectory option does not exist on all platforms
- ChrootDirectory security
- Questions about ChrootDirectory
- Is there any method, with ChrootDirectory and internal-sftp, to automatically cd to a subdir on login?
- New sshd_config - what has changed?