Re: SFTP chroot: Writable root

On 06/01/18 01:05, Jakub Jelen wrote:
> the description of the CVE 2009-2904 [1] talks about
> attack vector with hardlinks and suid programs. Though I didn't
> investigate it further.
>
> [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2904

Yes, of course, that requires users to also have access outside of the chroot, as well as the ability to execute an arbitrary command within it.  It doesn't appear to be a problem where ForceProgram sftp-server is effective.

I note that Ubuntu 16 (I assume some others, too) refuses to hard link a file to which the user cannot write.  I don't remember if that is traditional behaviour; I think not; it's probably SELinux.

Even without SELinux's protection, I'm still not seeing a risk when the user has no access outside of the chroot (by which I include having no ally with said access).  Is there more to the risk?

Bringing this back on topic, to the question that was originally asked: the above reference shows that there is more to consider than just what's in a chroot, and so providing a writable root is not to be encouraged. However, if it is essential to allow an SFTP account to have write access to its root (I doubt that there is an essential need), putting the chroot on a separate filesystem, mounted with noexec, should also be considered.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
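
A check for the "separate filesystem, mounted with noexec" suggestion in the message above, as an added example that is not part of the original post. The function names, the /srv/sftp paths and the sample mount table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format: device, mount point, type, options.
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/dev/sdb1 /srv/sftp ext4 rw,nosuid,nodev,noexec,relatime 0 0
/dev/sdc1 /srv/sftp-legacy ext4 rw,relatime 0 0'

# Print "<mount point> <options>" for the filesystem holding path $1, reading
# a mounts table on stdin. The holding filesystem is the longest mount point
# that is a whole-component prefix of the path; a later entry for the same
# mount point wins, because it shadows the earlier one.
holding_mount() {
    awk -v p="$1" '
        {
            mp = $2
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                if (length(mp) >= best) { best = length(mp); hit = mp " " $4 }
            }
        }
        END { print hit }'
}

# check_chroot_mount <chroot path> <mounts table text>
# Returns 0 when the chroot is on its own filesystem mounted noexec,
# 1 when it shares the root filesystem, 2 when noexec is missing.
check_chroot_mount() {
    hit=$(printf '%s\n' "$2" | holding_mount "$1")
    mp=${hit%% *}
    opts=${hit#* }
    [ "$mp" != "/" ] || return 1
    case ",$opts," in
        *,noexec,*) return 0 ;;
        *) return 2 ;;
    esac
}

# On a live system, pass the real table instead of the sample:
#   check_chroot_mount /srv/sftp/alice "$(cat /proc/mounts)"
```

The whole-component prefix test matters here: /srv/sftp-legacy/bob is not under /srv/sftp, so it does not inherit that mount's noexec.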