[scponly] Re: scponly 3.11 various bug fixes - patch released.
David Ramsden
david at hexstream.eu.org
Tue May 25 19:25:14 EDT 2004
On Tue, May 25, 2004 at 11:18:47PM +0100, david wrote:
> Hi,
>
[snip]
>
> I've finally cracked the chdir problem in scponly and also found a few
> other bugs whilst doing this so I've decided to release a patch on my
> website[1]
>
[snip]
Replying to my own post again - sorry for all the posts today!

I've just updated my patch again because of something security
related I've uncovered whilst researching this:

After a call to chroot(), chdir("/") MUST be called or the chroot() can
be broken out of. For me, the bug originally came about because I'm
using grsecurity which enforces a chdir("/") on any call to chroot() to
make it more secure.

In my updated patch, the chng_dir variable has a default of "/" so even
if you're not using something like /home/fred//www and/or not using
grsecurity, it'll still chdir("/") after the chroot() call.

I'd personally strongly recommend this is fixed ASAP because the current
chroot() function can be broken out of very easily.

[1] http://david.hexstream.eu.org/scponly-3.11-bugfixes.patch

So in conclusion - anyone having chdir problems where
"/home/fred//incoming" (for example) isn't chdir'ing to /incoming after
the chroot should get this problem fixed with this patch.

But more importantly it fixes a security issue in scponly!

Thanks and regards,
David.
--
.''`. David Ramsden <david at hexstream.eu.org>
: :' : http://david.hexstream.eu.org/
`. `'` PGP key ID: 507B379B on wwwkeys.pgp.net
`- Debian - when you have better things to do than to fix a system.
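
The sequence described in this message, as an added example (not scponly's code and not the patch linked above): split a home directory such as /home/fred//incoming at the "//", default chng_dir to "/", and chdir inside the new root immediately after chroot(). The function names and buffer sizes are assumptions; only chng_dir is a name taken from the post.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* exposes chroot() on glibc */
#endif
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Split "/home/fred//incoming" at the first "//" into the chroot directory
 * and the directory to enter afterwards. chng_dir defaults to "/", so a
 * chdir inside the new root always happens. Returns 0, or -1 on bad input. */
int split_home(const char *home, char *root, size_t rootsz,
               char *chng_dir, size_t dirsz)
{
    const char *sep = strstr(home, "//");
    size_t rootlen = sep ? (size_t)(sep - home) : strlen(home);
    const char *rest = sep ? sep + 1 : "/";   /* keep one leading '/' */

    while (rest[0] == '/' && rest[1] == '/')  /* collapse extra slashes */
        rest++;
    if (rootlen == 0 || rootlen >= rootsz || strlen(rest) >= dirsz)
        return -1;
    memcpy(root, home, rootlen);
    root[rootlen] = '\0';
    strcpy(chng_dir, rest);                   /* length checked above */
    return 0;
}

/* Enter the jail (needs root). The caller drops privileges afterwards. */
int enter_jail(const char *home)
{
    char root[4096], chng_dir[4096];

    if (split_home(home, root, sizeof root, chng_dir, sizeof chng_dir) != 0)
        return -1;
    if (chroot(root) != 0 || chdir("/") != 0) /* cwd is now inside the root */
        return -1;
    if (chdir(chng_dir) != 0)                 /* then the requested subdir */
        return -1;
    return 0;
}

int main(void)
{
    char root[64], dir[64];                   /* constructed sample path */
    if (split_home("/home/fred//incoming", root, sizeof root, dir, sizeof dir) == 0)
        printf("chroot(%s) then chdir(%s)\n", root, dir);
    return 0;
}
```
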