2003 Aug 16
sftp-server (secure) chroot patch?
...to be done in the src of sftp-server.c
I found three patches that do it:
http://www.alt219.com/software/sftp-server-chroot/
http://www.coding-zone.com/chroot+sftp-server.patch
http://groups.google.com/groups?hl=sv&lr=&ie=UTF-8&oe=UTF-8&frame=right&th=45c783aa0a25801a&seekm=arc304%241v5l%241%40FreeBSD.csie.NCTU.edu.tw#link1
Problem one seems to be that setuid(getuid()); is reversible. Also better sanity checking before chroot is required.
I have written a patch that (probably) is more secure than the ones I found. It uses uidswap functions to change uid & gid.
Someo...