http://bugzilla.mindrot.org/show_bug.cgi?id=1235
Summary: [PATCH] scp does unnecessary getpwuid(), breaking chroot
Product: Portable OpenSSH
Version: -current
Platform: Other
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: scp
AssignedTo: bitbucket@mindrot.org
ReportedBy: m.kooijman@student.utwente.nl
CC: m.kooijman@student.utwente.nl
When started, scp will always call getpwuid() to retrieve information
about the current user.
This information is used by scp in "client mode" to determine the login
name when none has been specified on the command line. scp in "server
mode" (ie, when called with -t or -f) will never use the user
information at all, but still requests it at startup.
Though this is not strictly a bug, it does have some unwanted side
effects. In particular, this creates an added dependency for running
scp inside a chroot jail, since username lookups must be enabled. This
means that the passwd file or the used nss libs should be present
inside the jail, which might not be wanted or possible (in our case).
The attached patch will simply skip the gepwuid() call when scp is
called in "server mode". It has been running in our production
environment for a while now. Though the patch has been created against
OpenSSH 3.8 (FreeBSD 5.4), I've checked the CVS version and nothing
seems to have changed that would break this patch.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
http://lists.mindrot.org/mailman/listinfo/openssh-bugs
Summary: [PATCH] scp does unnecessary getpwuid(), breaking chroot
Product: Portable OpenSSH
Version: -current
Platform: Other
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: scp
AssignedTo: bitbucket@mindrot.org
ReportedBy: m.kooijman@student.utwente.nl
CC: m.kooijman@student.utwente.nl
When started, scp will always call getpwuid() to retrieve information
about the current user.
This information is used by scp in "client mode" to determine the login
name when none has been specified on the command line. scp in "server
mode" (ie, when called with -t or -f) will never use the user
information at all, but still requests it at startup.
Though this is not strictly a bug, it does have some unwanted side
effects. In particular, this creates an added dependency for running
scp inside a chroot jail, since username lookups must be enabled. This
means that the passwd file or the used nss libs should be present
inside the jail, which might not be wanted or possible (in our case).
The attached patch will simply skip the gepwuid() call when scp is
called in "server mode". It has been running in our production
environment for a while now. Though the patch has been created against
OpenSSH 3.8 (FreeBSD 5.4), I've checked the CVS version and nothing
seems to have changed that would break this patch.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
http://lists.mindrot.org/mailman/listinfo/openssh-bugs