[scponly] Relative listing outside scponlyc chroot jail allowed?
Kaleb Pederson
kaleb.pederson at gmail.com
Mon Sep 24 09:24:48 EDT 2007
On Sunday 23 September 2007, Jan Mazáč wrote:
> On 22.9.2007, at 17:44, Kaleb Pederson wrote:
> > Also, what do the permissions on scponly/scponlyc look like:
>
> ls -l from install location:
> -rwsr-xr-x 1 root wheel 37008 Sep 18 16:06 /opt/local/sbin/scponlyc
> -rwxr-xr-x 1 root wheel 37008 Sep 18 16:06 /opt/local/bin/scponly
That looks good.
> ls -l scponlyc from inside chroot:
> -rwxr-xr-x 1 root SomeGroup 37008 Sep 21 12:46 /Users/SomeUser/Sites/usr/local/sbin/scponlyc
scponly doesn't need to be within the chroot as it will be executed before the
user is chrooted. But, that doesn't help our current problem.
> > Can you paste for us the client-side transcript of the details? E.g.:
> >
> sftp SomeUser at some.host.com
> Connecting to some.host.com...
> SomeUser at some.host.com's password:
> sftp> ls
> Streaming somesite.com dev images
> index.html usr
> sftp> ls /
> /Streaming /somesite.com /dev /images
> /index.html /usr
> sftp> ls ..
> ../Desktop ../Documents ../Library ../Movies ../Music
> ../Pictures ../Public ../Sites
> sftp> quit
Wow. That's still amazing, though not good :(
[snip]
> > The above should pretty much have the same system calls as the sftp
> > ls output, although perhaps not exactly the same.
>
> I have scponlyc present inside the /usr/local/sbin directory inside
> the chroot but not the ls binary. Still if I try to execute commands
> like "sudo chroot -u SomeUser /Users/SomeUser/Sites/ /usr/local/sbin/scponlyc"
> without any error I'm immediately returned to prompt.
You might try copying (temporarily) the ls and bash binaries there and seeing
what the little transcript I provided in my last e-mail would give. However,
your trace information should be sufficient.
Thanks.
--Kaleb