https://bugzilla.mindrot.org/show_bug.cgi?id=1575
Summary: OpenSSH 5.2p1 failure using ChrootDirectory option on
AIX
Product: Portable OpenSSH
Version: 5.2p1
Platform: PPC
OS/Version: AIX
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs@mindrot.org
ReportedBy: cartmanltd@hotmail.com
CC: cartmanltd@hotmail.com
I have been experimenting with the ChrootDirectory feature on OpenSSH
5.2p1 running on AIX 5.3, but have encountered repeated failures
chroot("/restrict/home"): Operation not permitted.
Debugging the sshd process, it is the "chroot()" subroutine failing
with error EPERM "Operation not permitted" because the process no
longer has root user authority. Under AIX, the manual pages for the
"chroot()" subroutine say "The calling process must have root user
authority in order to change the effective root directory."
I believe the problematic code is located in the "session.c" module
within function "do_setusercontext()". In this function, the
"setpcred()" subroutine is called to change the user/group privileges
from the root user to that of the ssh user. This is later followed by
"safely_chroot()" (which invokes "chroot()"). Unfortunately the order
of these calls wont work for non-root users on AIX. To make it work,
the "safely_chroot()" must be called before "setprcred()".
Solaris has a similar restriction for "chroot()", viz: "The
{PRIV_PROC_CHROOT} privilege is not asserted in the effective set of
the calling process."
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
Summary: OpenSSH 5.2p1 failure using ChrootDirectory option on
AIX
Product: Portable OpenSSH
Version: 5.2p1
Platform: PPC
OS/Version: AIX
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs@mindrot.org
ReportedBy: cartmanltd@hotmail.com
CC: cartmanltd@hotmail.com
I have been experimenting with the ChrootDirectory feature on OpenSSH
5.2p1 running on AIX 5.3, but have encountered repeated failures
chroot("/restrict/home"): Operation not permitted.
Debugging the sshd process, it is the "chroot()" subroutine failing
with error EPERM "Operation not permitted" because the process no
longer has root user authority. Under AIX, the manual pages for the
"chroot()" subroutine say "The calling process must have root user
authority in order to change the effective root directory."
I believe the problematic code is located in the "session.c" module
within function "do_setusercontext()". In this function, the
"setpcred()" subroutine is called to change the user/group privileges
from the root user to that of the ssh user. This is later followed by
"safely_chroot()" (which invokes "chroot()"). Unfortunately the order
of these calls wont work for non-root users on AIX. To make it work,
the "safely_chroot()" must be called before "setprcred()".
Solaris has a similar restriction for "chroot()", viz: "The
{PRIV_PROC_CHROOT} privilege is not asserted in the effective set of
the calling process."
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs