[scponly] chroot and FreeBSD 5.1-CURRENT

Hideyuki KURASHINA rushani at bl.mmtr.or.jp
Sat Nov 15 03:34:04 EST 2003


Hi, Stefano,

>>> On Fri, 14 Nov 2003 15:49:10 +0100, Stefano Biella <sbiella at dmint.net> said:

> I've created with "make jail" the chrooted environment (attached you 
> will find the ls -lR of the directory tree) but when I try to login I 
> receive only the "Connection closed" message:
> 
> $ sftp test3 at 10.1.1.150
> Connecting to 10.1.1.150...
> Password:
> Connection closed
> $

Did this occur immediately after connection?

> Does someone know if the chroot script works fine with FreeBSD 5.1 and 
> if all the needed files for the chrooted environment are copied by the 
> script?

I've confirmed that scponly works on FreeBSD 5.1R and its security branch,
but not -CURRENT.

> total 10
> drwxr-xr-x  2 root   wheel  512 Nov 14 11:39 bin
> drwxr-xr-x  2 root   wheel  512 Nov 14 11:39 etc
> drwxr-xr-x  2 test3  wheel  512 Nov 14 11:39 incoming
> drwxr-xr-x  2 root   wheel  512 Nov 14 11:39 lib
> drwxr-xr-x  7 root   wheel  512 Nov 14 11:39 usr
[...]
> ./lib:
> total 2054
> -rwxr-xr-x  1 root  wheel   886504 Nov 14 11:39 libc.so.5
> -rwxr-xr-x  1 root  wheel  1103692 Nov 14 11:39 libcrypto.so.3
> -rwxr-xr-x  1 root  wheel    55056 Nov 14 11:39 libz.so.2
[...]
> ./usr/libexec:
> total 154
> -rwxr-xr-x  1 root  wheel  133180 Nov 14 11:39 ld-elf.so.1
                                                 ^^^^^^^^^^^
According to your output of `ls -la', you probably built userland
with the WITH_DYNAMICROOT flag, which supports dynamically-linked binaries
in /bin and /sbin, didn't you?  If so, I think the problem is
where ld-elf.so.1 (the run-time link-editor) is located.  In this case,
ld-elf.so.1 should be in $targetdir/libexec.

> Are there any patches or modifications that must be made to the 
> setup_chroot.sh?

Could you try the attached patch?

Thanks,

-- rushani
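
The reply above locates the problem in where ld-elf.so.1 sits inside the jail. The script below is an added example, not part of the original message or of scponly: it checks that each listed binary in a chroot finds its run-time linker at the path it asks for. The function names, the string-scan heuristic and the sample path /bin/tool are assumptions.

```shell
#!/bin/sh
# Added example: verify that binaries inside a chroot can find their
# run-time linker at the path they request. Paths are constructed samples.

# interp_of FILE
# Print the first embedded path that looks like a run-time linker
# (ld-elf.so.1, ld-linux.so.2, ...). This is a heuristic string scan;
# where binutils is installed, `readelf -l` reports the interpreter exactly.
interp_of() {
    tr '\000' '\n' < "$1" |
        grep -a -o '/[A-Za-z0-9_/.-]*ld-[A-Za-z0-9_.-]*\.so[.0-9]*' |
        head -n 1
}

# check_chroot_interp TARGETDIR BINARY...
# BINARY is a path as seen from inside the chroot (e.g. /bin/tool).
# Prints "BINARY needs LINKER" for every linker that is missing under
# TARGETDIR and returns 1 if anything was printed, 0 otherwise.
check_chroot_interp() {
    targetdir=$1
    shift
    missing=0
    for bin in "$@"; do
        interp=$(interp_of "$targetdir$bin")
        [ -n "$interp" ] || continue    # static binary, or no match
        if [ ! -e "$targetdir$interp" ]; then
            printf '%s needs %s\n' "$bin" "$interp"
            missing=1
        fi
    done
    return "$missing"
}
```

Run as root against the jail directory, for example with the sftp-server path your chroot uses; any line printed names a linker path that must exist under the jail before the binary can start.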

Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/shells/scponly/Makefile,v
retrieving revision 1.9
diff -u -r1.9 Makefile
--- Makefile	2 Sep 2003 08:47:16 -0000	1.9
+++ Makefile	14 Nov 2003 18:24:32 -0000
@@ -65,6 +65,10 @@
 
 .include <bsd.port.pre.mk>
 
+.if ${OSVERSION} >= 501105 && exists(/libexec/ld-elf.so.1)
+EXTRA_PATCHES+=	${PATCHDIR}/extra-patch-aa
+.endif
+
 .if defined(WITHOUT_SCPONLY_WILDCARDS)
 CONFIGURE_ARGS+=--disable-wildcards
 .endif
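
Review bot: The exists(/libexec/ld-elf.so.1) test in the added ".if" line is evaluated on the machine that builds the port, so a package built on a host without the dynamic-root layout and installed on one that has it would still ship setup_chroot.sh with the /usr/libexec path. A comment saying what OSVERSION 501105 corresponds to and why the file check is needed in addition would make the condition reviewable. The name "extra-patch-aa" also says nothing about its purpose; a descriptive file name would be easier to maintain.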
Index: files/extra-patch-aa
===================================================================
RCS file: files/extra-patch-aa
diff -N files/extra-patch-aa
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ files/extra-patch-aa	14 Nov 2003 18:24:32 -0000
@@ -0,0 +1,21 @@
+--- ./setup_chroot.sh.in.orig	Sat Nov 15 03:03:35 2003
++++ ./setup_chroot.sh.in	Sat Nov 15 03:15:51 2003
+@@ -106,6 +106,7 @@
+ @INSTALL@ -d $targetdir/usr/local/lib
+ @INSTALL@ -d $targetdir/usr/local/bin
+ @INSTALL@ -d $targetdir/lib
++ at INSTALL@ -d $targetdir/libexec
+ @INSTALL@ -d $targetdir/usr/lib
+ @INSTALL@ -d $targetdir/usr/libexec
+ @INSTALL@ -d $targetdir/usr/libexec/openssh
+@@ -127,8 +128,8 @@
+ 	LIB_LIST="$LIB_LIST /lib/ld-linux.so.2"
+ 	LDSOFOUND=1
+ fi
+-if [ -f /usr/libexec/ld-elf.so.1 ]; then
+-	LIB_LIST="$LIB_LIST /usr/libexec/ld-elf.so.1"
++if [ -f /libexec/ld-elf.so.1 ]; then
++	LIB_LIST="$LIB_LIST /libexec/ld-elf.so.1"
+ 	LDSOFOUND=1
+ fi
+ 
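
Review bot: In the second inner hunk the /usr/libexec/ld-elf.so.1 test is replaced instead of being kept as a fallback, so the patched script only handles the /libexec layout and depends on the Makefile condition to be applied on the right hosts. Testing /libexec/ld-elf.so.1 first and falling back to /usr/libexec/ld-elf.so.1 inside setup_chroot.sh.in would cover both layouts without a conditional patch. Separately, the added line "+ at INSTALL@ -d $targetdir/libexec" in the first inner hunk differs from its neighbours, which all begin with "@INSTALL@"; as shown, the resulting script line would not start with the placeholder the surrounding lines use, so compare this copy with the original attachment before applying it.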

