[scponly] Relative listing outside scponlyc chroot jail allowed?
Jan Mazáč
jan at hifi-web.com
Fri Sep 21 15:28:53 EDT 2007
Hello list,
I have to admit I'm confused. When I just finished building my second
scponlyc chrooted environment I tested it quickly to find behavior I
don't understand and was not aware of before. It is so obvious now
that I'm not sure if it is a bug or a feature. Maybe it is just something
fundamental I'm missing; if so, please bear with me.
When connecting to an scponlyc account with an SFTP GUI client (Transmit)
everything looks and behaves as expected. My chroot-jailed user
should land in /Users/SomeUser/Sites// and it does so; it can't go higher.
When I use the terminal and connect with the sftp command I'm not able to cd
to a higher level by issuing "cd ..", which is correct behavior. When I
issue "ls /" it lists the content of the chroot jail, not the root of the
system, also correct. But when I issue "ls .." I can see a listing of
the directory above the chroot jail. Analogously, when issuing
"get ../../../etc/mail.rc" for instance (knowing the relative path)
I'm able to download that file (as it is readable by everyone).
Doesn't this defeat its purpose? I understand that I still can't
change the directory to a level higher than the chroot jail, but I could still
list there and, if I know the relative path and have enough permissions,
read (presumably also write) files outside the jail. Am I missing
something obvious, or is it not really intended to work this way?
I'm on Mac OS X 10.4.10 (Intel). I have compiled scponly 4.6 (with
chrooted binary support), installed it and created jails following
modified instructions found at the now-defunct URL
http://www.schwie.com/brad/macosxsftpchroot/ (Google cache:
http://209.85.135.104/search?q=cache:9cCNL0wZR4cJ:www.schwie.com/brad/macosxsftpchroot/ ). I had
to improvise a little on the newer Intel machine since the instructions are
a bit dated, but finally got it working by adding one more library and
/dev/null to the chroot jail.
I also have a much older installation on a PPC OS X machine using scponly
4.1 and an older version of sftp-server. It behaves exactly the same.
Folder /Users/SomeUser/Sites// is owned by root. I see no errors in
syslog even when scponly logging is turned up to the second level (2) in the
etc/scponly/debuglevel file.
Could someone enlighten me?
jan
::: jan mazáč ::: www.hifi-web.com ::: +420 603 295 975 :::
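An added example (not from the post or from the scponly project) that models what each mechanism guarantees for the commands in the post: a process that really called chroot(2) has ".." clamped at the jail root by the kernel, whereas a process that only changed directory into the jail resolves ".." above it. The jail path is the one from the post; the virtual working directory and the request list are constructed sample inputs.

```python
import posixpath

# Jail root named in the post; cwd and requests below are constructed samples.
JAIL = "/Users/SomeUser/Sites"


def resolve_chrooted(jail, cwd, requested):
    """Real path opened by a process that actually called chroot(2).

    Inside a chroot the kernel anchors "/" at the jail and treats ".."
    at the jail root as the jail root itself, so the virtual path is
    normalised first and the jail prefix is added afterwards.
    """
    virtual = posixpath.normpath(posixpath.join(cwd, requested))
    # normpath discards leading ".." of an absolute path, which mirrors
    # the kernel clamping ".." at the root of the chroot.
    return posixpath.normpath(jail + virtual)


def resolve_unchrooted(jail, cwd, requested):
    """Real path opened by a process that merely chdir()'d into the jail.

    Here ".." walks above the jail and an absolute "/" is the real root,
    so a relative request escapes as soon as it climbs past the jail.
    """
    return posixpath.normpath(posixpath.join(jail + cwd, requested))


def inside_jail(jail, real_path):
    """True when real_path is the jail root or lies beneath it."""
    jail = posixpath.normpath(jail)
    return real_path == jail or real_path.startswith(jail + "/")


def check_commands(jail, cwd, requested_paths):
    """Return (request, real path with chroot, real path without chroot,
    escapes without chroot) for each request, so an admin can see which
    requests a cwd-only restriction would let out of the jail."""
    rows = []
    for req in requested_paths:
        with_chroot = resolve_chrooted(jail, cwd, req)
        without = resolve_unchrooted(jail, cwd, req)
        rows.append((req, with_chroot, without, not inside_jail(jail, without)))
    return rows


if __name__ == "__main__":
    # The requests from the post, issued from the jail root (virtual cwd "/").
    for row in check_commands(JAIL, "/", ["/", "..", "../../../etc/mail.rc"]):
        print(row)
```

With a real chroot every row resolves inside /Users/SomeUser/Sites, while the cwd-only model reproduces the "get ../../../etc/mail.rc" escape to /etc/mail.rc.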