[scponly] Relative listing outside scponlyc chroot jail allowed?

Fri Sep 21 20:17:14 EDT 2007

Jan,

That sounds like a problem with the chroot / kernel.  I don't have a Mac to 
test against, but it definitely doesn't behave like that on my Linux box.  
It's also hard to imagine that a bug like that could exist.... What does the 
passwd entry look like for that user?

I would be interested in looking at any debug output you can provide. It might 
also help somebody else to attempt to reproduce it with a Mac.

If you manually chroot to your chroot directory, do you see the same behavior 
with ls?

Thanks.

--Kaleb

On Friday 21 September 2007, Jan Mazáč wrote:
> Hello list,
>
> I have to admit I'm confused. When I just finished building my second
> scponlyc chrooted enviroment I tested it quickly to find behavior I
> don't understand and was not aware of before. It is so obvious now
> that I'm not sure if it is bug or feature. Maybe it is just something
> fundamental I'm missing, if so please bear with me.
>
> When connecting to scponlyc account with SFTP GUI client (Transmit)
> everything looks and behaves as expected. My chroot jailed user
> should land in /Users/SomeUser/Sites// and it does so, can't go higher.
>
> When I use terminal and connect with sftp command I'm not able to cd
> to higher level by issuing "cd .." which is correct behavior. When I
> issue "ls /" it lists content of the chroot jail not the root of the
> system, also correct. But when I issue "ls .." I can see listing of
> the directory above the chroot jail. Analogicaly when issuing
> "get ../../../etc/mail.rc" for instance (knowing the relative path)
> I'm able to download that file (as it is readable by everyone).
>
> Doesn't this defeats its purpose? I understand that I still can't
> change the directory to upper then chroot jail level but still could
> list there and if I know relative path and have enough permissions
> read (presumably also write) files outside jail. Am I missing
> something obvious or it is not really intended to work this way.
>
> I'm on Mac OS X 10.4.10 (Intel). I have compiled scponly 4.6 (with
> chrooted binary support), installed and created jails following
> modified instruction found on now defunct URL http://www.schwie.com/
> brad/macosxsftpchroot/ (Google cache http://209.85.135.104/search?
> q=cache:9cCNL0wZR4cJ:www.schwie.com/brad/macosxsftpchroot/ ). I had
> to improvise a little on newer Intel machine since instructions are
> bit dated, but finally got it working by adding one more library and /
> dev/null to chroot jail.
>
> I have also much older installation on PPC OS X machine using scponly
> 4.1 and older version of sftp-server. It behaves exactly the same.
>
> Folder /Users/SomeUser/Sites// is owned by root. I see no errors in
> syslog even when scponly logging is turned on second level (2) in etc/
> sponly/debuglevel file.
>
> Could someone enlighten me?
>
> jan
>
> ::: jan mazáč ::: www.hifi-web.com ::: +420 603 295 975 :::