[scponly] why won't 'find' work in the chroot ?

Ensel Sharon user at dhp.com
Fri Sep 22 14:52:09 EDT 2006


Hi Kaleb,

On Thu, 21 Sep 2006, Kaleb Pederson wrote:

> On Thursday 21 September 2006 12:17 pm, Ensel Sharon wrote:
> > I hacked the find command into scponly.c ...
> 
> And I'm sure you disallowed -exec and anything else that might be dangerous!


Well, I'm considering it, but -exec would only offer execution of the
binaries that are already a) allowed by scponly, and b) present in the
chroot...

Or am I wrong and it would allow execution of any binary that the user
puts into the chroot, but would still be limited in scope of action to the
chroot?


> > However, it refuses to traverse the user's chroot directory, and in a way
> > that does not seem to match its normal respecting of unix permissions
> >
> > users home directory in /etc/passwd is:
> >
> > /home
> 
> The real /etc/passwd, or the one within the chroot?


Both.  Their home directory in both is:

/home

But they are not allowed to read home (chmod 0711, owned by root), only
execute, so that they can traverse through to their "incoming" directory
(chmod 0700, owned by that user).


> > So when I run:
> >
> > ssh user@host find /user
> 
> What does /user have to do with /home above? Are you assuming they are already 
> chrooted to their home directory? Why would /user exist below their home 
> directory then?


Well ... again, /home is their home directory, in terms of the passwd
files, but they can't touch that dir - only traverse through
it.  So when they do things remotely over ssh, they cannot use plain "/",
they have to specify their "incoming" dir, hence:

ssh user@host find /user

(which would run find on /home/user)


> > I get:
> >
> > find: .: Permission denied
> 
> Mind giving us the debug output that would be in syslog on the server side?


No errors:

Sep 22 11:47:20 hostname sshd[74995]: Accepted keyboard-interactive/pam for username from 10.10.10.6 port 55726 ssh2
Sep 22 11:47:20 hostname scponly[74999]: chrooted binary in place, will chroot()
Sep 22 11:47:20 hostname scponly[74999]: 3 arguments in total.
Sep 22 11:47:20 hostname scponly[74999]:        arg 0 is scponlyc
Sep 22 11:47:20 hostname scponly[74999]:        arg 1 is -c
Sep 22 11:47:20 hostname scponly[74999]:        arg 2 is find /username
Sep 22 11:47:20 hostname scponly[74999]: opened log at LOG_AUTHPRIV, opts 0x00000009
Sep 22 11:47:20 hostname scponly[74999]: retrieved home directory of "/home" for user "username"
Sep 22 11:47:20 hostname scponly[74999]: chrooting to dir: "/home"
Sep 22 11:47:20 hostname scponly[74999]: chdiring to dir: "/"
Sep 22 11:47:20 hostname scponly[74999]: setting uid to username
Sep 22 11:47:20 hostname scponly[74999]: processing request: "find /username"
Sep 22 11:47:20 hostname scponly[74999]: Found "HOME" and setting it to "/home"
Sep 22 11:47:20 hostname scponly[74999]: Environment contains "HOME=/home"
Sep 22 11:47:20 hostname scponly[74999]: set HOME environment variable to / username: username(username), IP/port: 10.10.10.6 55726 22
Sep 22 11:47:20 hostname scponly[74999]: running: /usr/bin/find /username (username: username(username), IP/port: 10.10.10.6 55726 22)

I am using this setup with complete success in all other regards - this
same user can ls, rm, mv, etc., in his chroot with this setup.  It's just
find that barfs, and I suspect there is nothing wrong with scponly or with
the chroot.

I just wonder what it is that find does that causes it to complain...
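Added example, not part of the thread and not scponly's code: a small Python model of the POSIX directory permission check, applied to the layout described in the message above, i.e. a chroot root (the real /home) that is 0711 and root-owned, with a 0700 user-owned "incoming" directory beneath it. It separates "traverse" (needs x on every ancestor) from "read" (needs r on the directory itself, which opendir()/readdir() requires), which is exactly the distinction the 0711 setup relies on. The uid/gid numbers and the sample file name are constructed. The last function encodes one plausible reading of the symptom, stated here as an assumption rather than something the thread confirms: scponly chdir()s to "/" before running the request (visible in the log), and a find that opens its starting directory "." will fail to do so when "." is an unreadable 0711 directory, which would produce exactly "find: .: Permission denied" even though /username itself is fine.

```python
# Added example: model of the POSIX permission check for the chroot layout
# in the thread. Not scponly's code; uid/gid numbers and the sample file
# name are constructed.

ROOT_UID, ROOT_GID = 0, 0        # constructed
USER_UID, USER_GID = 1001, 1001  # constructed

# Paths as seen inside the chroot: "/" is the real /home (0711, root-owned);
# "/username" is the user's 0700 "incoming" directory.
# Each entry: (mode bits, owner uid, owner gid).
LAYOUT = {
    "/": (0o711, ROOT_UID, ROOT_GID),
    "/username": (0o700, USER_UID, USER_GID),
    "/username/upload.txt": (0o644, USER_UID, USER_GID),  # constructed file
}


def permitted(mode, owner_uid, owner_gid, uid, gids, want):
    """Discretionary check: pick the owner/group/other triplet that applies
    to uid, then test the requested bit ('r', 'w' or 'x').
    uid 0 is deliberately not special-cased: the question is what the user
    can do after scponly has dropped privileges with setuid()."""
    if uid == owner_uid:
        bits = (mode >> 6) & 7
    elif owner_gid in gids:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return bool(bits & {"r": 4, "w": 2, "x": 1}[want])


def ancestors(path):
    """Directories that must be searchable (x) to reach path, '/' first."""
    if path == "/":
        return []
    parts = [p for p in path.split("/") if p]
    out, cur = ["/"], ""
    for p in parts[:-1]:
        cur += "/" + p
        out.append(cur)
    return out


def can_traverse(layout, path, uid, gids):
    """Reaching path at all needs x on every directory above it."""
    return all(permitted(*layout[d], uid, gids, "x") for d in ancestors(path))


def can_read(layout, path, uid, gids):
    """opendir()/readdir(), or open() for reading, needs r on the object."""
    return can_traverse(layout, path, uid, gids) and permitted(*layout[path], uid, gids, "r")


def can_write(layout, path, uid, gids):
    """Creating or changing content needs w on the object (plus traverse)."""
    return can_traverse(layout, path, uid, gids) and permitted(*layout[path], uid, gids, "w")


def audit(layout, uid, gids):
    """What the given user can do with every path in the layout."""
    return {
        path: {
            "traverse": can_traverse(layout, path, uid, gids),
            "read": can_read(layout, path, uid, gids),
            "write": can_write(layout, path, uid, gids),
        }
        for path in layout
    }


def find_can_open_cwd(layout, cwd, uid, gids):
    """Assumption (see lead-in): a find that open()s its starting directory
    '.' needs read permission on the cwd. scponly chdir()s to '/' before
    exec, and '/' here is 0711 root-owned, so that open would fail with
    EACCES: the reported 'find: .: Permission denied'."""
    return can_read(layout, cwd, uid, gids)


if __name__ == "__main__":
    user_gids = {USER_GID}
    for path, what in audit(LAYOUT, USER_UID, user_gids).items():
        print(f"{path:22} traverse={what['traverse']!s:5} "
              f"read={what['read']!s:5} write={what['write']}")
    for cwd in ("/", "/username"):
        ok = find_can_open_cwd(LAYOUT, cwd, USER_UID, user_gids)
        print(f"find started in {cwd:10}: {'ok' if ok else 'Permission denied on .'}")
```

The audit also reports which paths the user can write to, which bears on the -exec question raised earlier in the thread: scponly's allowlist is checked for the command scponly itself launches, not for whatever that command execs afterwards, so find's -exec reaches anything executable in a directory the user can write to inside the chroot; mounting that writable area noexec is the usual mitigation when such commands are exposed.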
