[scponly] shells inheriting the scponlyc chroot ?
Kaleb Pederson
kibab at icehouse.net
Tue Dec 19 01:25:09 EST 2006
On Monday 18 December 2006 13:20, Arone Silimantia wrote:
> I did the following with my scponly setup:
>
> 1. put 'sh' into the chroot
> 2. hacked up scponly such that it now allows the
> remote user to run a status.sh script inside the
> chroot
You can configure OpenSSH to automatically execute a certain script when a
user connects with a given keypair. This might allow you the same sort of
functionality.
> What I did not expect was that the shell the user
> received when they ran status.sh was _still_ chrooted
> into the original chroot that scponlyc put them in.
>
> This is great news - I am very pleasantly surprised.
>
> But my question is, is this normal ? Is it normal in
> unix in general, or just something that the scponlyc
> chroot does ?
This is normal and typical of chroots.
> Basically, for my own curiousity, I just want to know
> why the spawned 'sh' inherits the chroot of the shell
> it was fired off from - and further, if there is any
> danger of it getting out ?
Always. Ideally there will never be an exploit that will allow this to
happen, but it has happened in the past and could happen again.
> All comments welcome!
I would try to avoid doing it that way if possible. But if you do make sure
that your shell script traps all necessary signals, properly escapes any
input, etc.
Good luck.
--Kaleb
More information about the scponly
mailing list