In my perspective, its not a security issue, because, user will have
access to root folder of chrooted environment and it doesn't let the
user go out of the chrooted directory,right?
It's like a normal user have access to root folder on a system.
+Raja
On 2/27/2011 9:51 PM, Riccardo Castellani wrote:
I installed openssh-5.6p1 into my Fedora server and I run this service
into chroot mode.
I think to have found out a BUG into this package, specifically into
sshd service:
if remote user tries to connect to this service, where its home
directory is unaccessible because it doesn't respect right permissions
(execution permission of owner is missed or home directory is
missing), he comes automatically into root folder of chroot.
I think sshd should have to deny this login or at least sshd_config
should have to contain the option to set this specifc behaviour; for
example into Fedora distributions, there is "DEFAULT_HOME" option in
/etc/login.defs file to permit this behaviour.
Yes it's true, I can restrict access to specific users or use PAM
module, but for security reasons I need to make sure myself to
restrict access ONLY to home folder of user.
I also could use PAM modules, but it's only available pam_mkhomedir.so
which creates home folder if this one is not existing; I need
pam_homecheck.so but it's available only as package for OpenSuse.
Suggestions ?