Would it be possible to make the checks for chroot directories more flexible?


When I try to set up an OpenSSH server, the error appears when I attempt to log in:

     fatal: bad ownership or modes for chroot directory component "/"

The problem with this check is that it forces me to make my setup less
secure. In my setup, OpenSSH is running inside a container. The home
directory appears to be owned by nobody, but it is actually owned by
root of the host machine, and for further security, this root user is
not accessible inside the container. Thus, even if someone finds a
vulnerability in OpenSSH and is able to run as the root user, he is
inside the container, and cannot write to most of the directories of
the container.

So this check makes it more difficult to improve the security of my system.

Could you please consider an option to disable this check or to make
it more flexible? For me, an alternative user to "root" for the check
would be enough.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev