https://bugzilla.mindrot.org/show_bug.cgi?id=2556
Bug ID: 2556
Summary: on Linux non-root process can chroot
Product: Portable OpenSSH
Version: 7.1p1
Hardware: Other
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component: sshd
Assignee: [email protected]
Reporter: [email protected]
Currently sshd exits with a fatal error if it sees the ChrootDirectory option
when running as non-root:
https://github.com/openssh/openssh-portable/blob/c38905ba391434834da86abfc988a2b8b9b62477/session.c#L1591

This is wrong on Linux, as there a non-root process can perform chroot as
long as it has the SYS_CHROOT effective capability. So the code should
either query the capability or the check should be removed, as sshd
treats any chroot syscall errors as fatal in any case.
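One way the capability query suggested in the report could look, as an added example that is not OpenSSH code: it reads the effective capability set from /proc/self/status on Linux and tests the CAP_SYS_CHROOT bit instead of comparing the uid to 0. The helper names (parse_capeff, mask_allows_chroot, can_chroot) are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* CAP_SYS_CHROOT is capability number 18 in <linux/capability.h>. */
#define CAP_SYS_CHROOT_BIT 18

/* Hypothetical helper: returns 1 and stores the mask only for a "CapEff:" line. */
static int parse_capeff(const char *line, uint64_t *mask)
{
    char *end;
    if (strncmp(line, "CapEff:", 7) != 0)
        return 0;
    unsigned long long v = strtoull(line + 7, &end, 16);
    if (end == line + 7)
        return 0;               /* no hex digits after the label */
    *mask = (uint64_t)v;
    return 1;
}

static int mask_allows_chroot(uint64_t mask)
{
    return (int)((mask >> CAP_SYS_CHROOT_BIT) & 1);
}

/* 1: chroot(2) is permitted, 0: it is not, -1: could not determine. */
static int can_chroot(void)
{
    char line[256];
    uint64_t mask;
    int result = -1;
    FILE *f = fopen("/proc/self/status", "r");
    if (f == NULL)
        return -1;
    while (result < 0 && fgets(line, sizeof(line), f) != NULL)
        if (parse_capeff(line, &mask))
            result = mask_allows_chroot(mask);
    fclose(f);
    return result;
}

int main(void)
{
    /* A non-root euid with can_chroot=1 is the case the report describes. */
    printf("euid=%d can_chroot=%d\n", (int)geteuid(), can_chroot());
    return 0;
}
```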