This is a discussion on Re: chroot'd SFTP within the OpenSSH Development forums, part of the Networking and Network Related category.
On Sun, 29 Jul 2007, Richard Storm wrote:
> Thanks for these 3rd party hacks! I don't trust them.
> There must be such feature in openssh out of box.
>
> So the most secure/easier method of giving sftp access to porn collection is:
> Damien's sftp-server chroot patch, which I hope to see in openssh one day :)
> http://marc.info/?l=openssh-unix-dev...3792120525&w=2

The big problem with that patch is that it effectively allows non-root users to chroot to a directory of their choice.

The only way I have come up with to get around this problem is to arrange for sshd to execute subsystems with an additional supplementary group (say "_sshd_subsys") and to make the setuid sftp-server mode 0710, but I haven't properly thought through whether this will actually solve all the problems yet.

In the meantime please treat my patch as unsupported, potentially dangerous code.

-d

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/li...enssh-unix-dev
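
An added example, not part of the original message or of OpenSSH: a small audit of the file layout the reply proposes, where a setuid-root helper is mode 0710 and executable only through a group that sshd alone hands out. The function names and the sample gid 900 are assumptions made for illustration; only the group name "_sshd_subsys" and mode 0710 come from the message, which itself describes the scheme as not fully thought through.

```python
import grp
import os
import pwd
import stat

def audit_subsys_binary(mode, uid, gid, subsys_gid, members, primary_gids):
    """Check a setuid helper against the group-gated 0710 layout.

    members: user names listed in the subsystem group's entry.
    primary_gids: {user name: primary gid} for every account.
    Returns a list of findings; an empty list means the layout matches.
    """
    perms = stat.S_IMODE(mode)
    findings = []
    if uid != 0:
        findings.append("not owned by root")
    if not perms & stat.S_ISUID:
        findings.append("setuid bit not set")
    if gid != subsys_gid:
        findings.append("group owner is not the subsystem group")
    if perms & stat.S_IRWXO:
        findings.append("accessible to 'other': any local user can run it")
    if perms & stat.S_IWGRP:
        findings.append("group-writable")
    if not perms & stat.S_IXGRP:
        findings.append("not group-executable: the added group grants nothing")
    # The group is meant to be added by sshd only; no account may hold it
    # at login, either as a listed member or as its primary group.
    holders = sorted(set(members) |
                     {u for u, g in primary_gids.items() if g == subsys_gid})
    if holders:
        findings.append("accounts already in the group: " + ", ".join(holders))
    return findings

def audit_path(path, group_name="_sshd_subsys"):
    """Run the audit against a real file and the local account databases."""
    st = os.stat(path)
    g = grp.getgrnam(group_name)
    primary = {p.pw_name: p.pw_gid for p in pwd.getpwall()}
    return audit_subsys_binary(st.st_mode, st.st_uid, st.st_gid,
                               g.gr_gid, g.gr_mem, primary)

# Constructed sample values: the proposed 4710 layout, then a 4755 binary
# whose gating group also lists an ordinary user.
GOOD = audit_subsys_binary(0o104710, 0, 900, 900, [], {"alice": 1000})
BAD = audit_subsys_binary(0o104755, 0, 900, 900, ["alice"], {"alice": 1000})
```

An empty result only confirms that the permissions match the described layout; it says nothing about whether the chroot patch itself is safe to deploy.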