[scponly] Re: chdir in chroot problem (re-visited)

David Ramsden david at hexstream.eu.org
Tue May 25 16:59:27 EDT 2004 

On Tue, May 25, 2004 at 08:25:32PM +0100, david wrote:
[snip]
> 
> So when they login, they automatically get chdir'ed to ~/www
> This doesn't work when using scponlyc - It does work however when using
> scponly
> 
> So it's something either wrong in scponlyc itself or with my chroot. But
> others have reported this too and I believe before scpjailer was
> announced.
> 
[snip]

OK - I've been poking around with the source and this is what I've
found:

scponly.c, line 158 - The while loop gets the "root directory",
excluding any additional chdir stuff. So it you had
/home/fred//www, this gets transformed to /home/fred which is used
to chroot() later.

scponly.c, line 170 - Here, it chroot()'s to the determined "root
directory". i.e. /home/fred but it does not honour any additional chdir
stuff. This was disregarded ealier in the while() to determine the
correct "root directory" to chroot() to.

So after the chroot() stuff (line 170 of scponly.c) it needs to do a
chdir() if it's needed to "/www" for example if earlier, the
homedir was something like /home/fred//www (taken from
/etc/passwd).

I'm not really a great C programmer - I believe this is what needs to be
done here to fix this problem once and for all. Can someone knock up a
patch as a kind of proof-of-concept?

I can manually hack it. So after the chroot() at line 170, I can add in
chdir("/www") as if it was correctly honouring "/home/fred//www" and it
works fine.

I hope this helps!
Look forward to seeing this bug fixed, if indeed I'm on the right track.

Regards,
David.
-- 
 .''`.     David Ramsden <david at hexstream.eu.org>
: :'  :    http://david.hexstream.eu.org/
`. `'`     PGP key ID: 507B379B on wwwkeys.pgp.net
  `-  Debian - when you have better things to do than to fix a system.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : https://lists.ccs.neu.edu/pipermail/scponly/attachments/20040525/bb8808f2/attachment.bin

More information about the scponly mailing list