Add check for nosuid, nodev in homechroot
This commit is contained in:
Jan F. Chadima
parent
49d0cf7e60
commit
257d66a4fb
@ -1,6 +1,6 @@
|
||||
diff -up /dev/null openssh-5.2p1/chrootenv.h
|
||||
--- /dev/null 2009-07-23 14:57:23.604046842 +0200
|
||||
+++ openssh-5.2p1/chrootenv.h 2009-07-24 07:11:29.000000000 +0200
|
||||
--- /dev/null 2009-08-19 20:21:50.796466837 +0200
|
||||
+++ openssh-5.2p1/chrootenv.h 2009-08-19 23:22:15.000000000 +0200
|
||||
@@ -0,0 +1,32 @@
|
||||
+/* $OpenBSD: session.h,v 1.30 2008/05/08 12:21:16 djm Exp $ */
|
||||
+
|
||||
@ -35,8 +35,8 @@ diff -up /dev/null openssh-5.2p1/chrootenv.h
|
||||
+#endif
|
||||
+
|
||||
diff -up openssh-5.2p1/session.c.homechroot openssh-5.2p1/session.c
|
||||
--- openssh-5.2p1/session.c.homechroot 2009-07-24 07:11:22.000000000 +0200
|
||||
+++ openssh-5.2p1/session.c 2009-07-24 07:33:14.000000000 +0200
|
||||
--- openssh-5.2p1/session.c.homechroot 2009-08-19 23:22:14.000000000 +0200
|
||||
+++ openssh-5.2p1/session.c 2009-08-19 23:22:15.000000000 +0200
|
||||
@@ -119,6 +119,8 @@ void do_child(Session *, const char *);
|
||||
void do_motd(void);
|
||||
int check_quietlogin(Session *, const char *);
|
||||
@ -58,7 +58,69 @@ diff -up openssh-5.2p1/session.c.homechroot openssh-5.2p1/session.c
|
||||
#ifdef SSH_AUDIT_EVENTS
|
||||
if (command != NULL)
|
||||
PRIVSEP(audit_run_command(command));
|
||||
@@ -1408,6 +1415,7 @@ safely_chroot(const char *path, uid_t ui
|
||||
@@ -1399,6 +1406,61 @@ do_nologin(struct passwd *pw)
|
||||
}
|
||||
|
||||
/*
|
||||
+ * Test if filesystem is mounted nosuid and nodev
|
||||
+ */
|
||||
+
|
||||
+static void
|
||||
+test_nosuid (dev_t fs)
|
||||
+{
|
||||
+ FILE *f;
|
||||
+ struct stat st;
|
||||
+ char buf[4096], *s, *on, *mountpoint, *opt;
|
||||
+ int nodev, nosuid;
|
||||
+
|
||||
+ if (!(f = popen ("/bin/mount", "r")))
|
||||
+ fatal ("%s: popen(\"/bin/mount\", \"r\"): %s",
|
||||
+ __func__, strerror (errno));
|
||||
+ for (;;) {
|
||||
+ s = fgets (buf, sizeof (buf), f);
|
||||
+ if (ferror (f))
|
||||
+ fatal ("%s: read from popen: %s", __func__,
|
||||
+ strerror (errno));
|
||||
+ if (!s) {
|
||||
+ pclose (f);
|
||||
+ fatal ("cannot found filesystem with the chroot directory");
|
||||
+ }
|
||||
+ (void) strtok (buf, " ");
|
||||
+ on = strtok (NULL, " ");
|
||||
+ if (strcmp (on, "on")) {
|
||||
+ pclose (f);
|
||||
+ fatal ("bad format of mount output");
|
||||
+ }
|
||||
+ mountpoint = strtok (NULL, " ");
|
||||
+ if (stat(mountpoint, &st) != 0) {
|
||||
+ pclose (f);
|
||||
+ fatal("%s: stat(\"%s\"): %s", __func__,
|
||||
+ mountpoint, strerror(errno));
|
||||
+ }
|
||||
+ if (fs != st.st_dev)
|
||||
+ continue;
|
||||
+ nodev = nosuid = 0;
|
||||
+ for (opt = strtok (NULL, "("); opt; opt = strtok (NULL, " ,)")) {
|
||||
+ if (!strcmp (opt, "nodev"))
|
||||
+ nodev = 1;
|
||||
+ else if (!strcmp (opt, "nosuid"))
|
||||
+ nosuid = 1;
|
||||
+ else if (!strcmp (opt, "noexec"))
|
||||
+ nosuid = 1;
|
||||
+ if (nodev && nosuid) {
|
||||
+ pclose (f);
|
||||
+ return;
|
||||
+ }
|
||||
+ }
|
||||
+ fatal ("chroot into directory without nodev or nosuid");
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+/*
|
||||
* Chroot into a directory after checking it for safety: all path components
|
||||
* must be root-owned directories with strict permissions.
|
||||
*/
|
||||
@@ -1408,6 +1470,7 @@ safely_chroot(const char *path, uid_t ui
|
||||
const char *cp;
|
||||
char component[MAXPATHLEN];
|
||||
struct stat st;
|
||||
@ -66,7 +128,7 @@ diff -up openssh-5.2p1/session.c.homechroot openssh-5.2p1/session.c
|
||||
|
||||
if (*path != '/')
|
||||
fatal("chroot path does not begin at root");
|
||||
@@ -1419,7 +1427,7 @@ safely_chroot(const char *path, uid_t ui
|
||||
@@ -1419,7 +1482,7 @@ safely_chroot(const char *path, uid_t ui
|
||||
* root-owned directory with strict permissions.
|
||||
*/
|
||||
for (cp = path; cp != NULL;) {
|
||||
@ -75,7 +137,7 @@ diff -up openssh-5.2p1/session.c.homechroot openssh-5.2p1/session.c
|
||||
strlcpy(component, path, sizeof(component));
|
||||
else {
|
||||
cp++;
|
||||
@@ -1432,15 +1440,19 @@ safely_chroot(const char *path, uid_t ui
|
||||
@@ -1432,14 +1495,20 @@ safely_chroot(const char *path, uid_t ui
|
||||
if (stat(component, &st) != 0)
|
||||
fatal("%s: stat(\"%s\"): %s", __func__,
|
||||
component, strerror(errno));
|
||||
@ -87,30 +149,30 @@ diff -up openssh-5.2p1/session.c.homechroot openssh-5.2p1/session.c
|
||||
if (!S_ISDIR(st.st_mode))
|
||||
fatal("chroot path %s\"%s\" is not a directory",
|
||||
cp == NULL ? "" : "component ", component);
|
||||
-
|
||||
}
|
||||
+ }
|
||||
+ setenv ("TZ", "/etc/localtime", 0);
|
||||
+ tzset ();
|
||||
+
|
||||
+ if (st.st_uid != uid)
|
||||
|
||||
+ if (st.st_uid) {
|
||||
+ test_nosuid (st.st_dev);
|
||||
+ ++chroot_no_tree;
|
||||
}
|
||||
|
||||
if (chdir(path) == -1)
|
||||
fatal("Unable to chdir to chroot path \"%s\": "
|
||||
@@ -1451,6 +1463,10 @@ safely_chroot(const char *path, uid_t ui
|
||||
@@ -1451,6 +1520,10 @@ safely_chroot(const char *path, uid_t ui
|
||||
if (chdir("/") == -1)
|
||||
fatal("%s: chdir(/) after chroot: %s",
|
||||
__func__, strerror(errno));
|
||||
+
|
||||
+ if (access ("/etc/localtime", R_OK) < 0)
|
||||
+ ++chroot_no_tree;
|
||||
+ ++chroot_no_tree;
|
||||
+
|
||||
verbose("Changed root directory to \"%s\"", path);
|
||||
}
|
||||
|
||||
diff -up openssh-5.2p1/sftp.c.homechroot openssh-5.2p1/sftp.c
|
||||
--- openssh-5.2p1/sftp.c.homechroot 2009-02-14 06:26:19.000000000 +0100
|
||||
+++ openssh-5.2p1/sftp.c 2009-07-24 07:11:29.000000000 +0200
|
||||
+++ openssh-5.2p1/sftp.c 2009-08-19 23:22:15.000000000 +0200
|
||||
@@ -94,6 +94,8 @@ int remote_glob(struct sftp_conn *, cons
|
||||
|
||||
extern char *__progname;
|
||||
@ -122,7 +184,7 @@ diff -up openssh-5.2p1/sftp.c.homechroot openssh-5.2p1/sftp.c
|
||||
|
||||
diff -up openssh-5.2p1/sftp-common.c.homechroot openssh-5.2p1/sftp-common.c
|
||||
--- openssh-5.2p1/sftp-common.c.homechroot 2006-08-05 04:39:40.000000000 +0200
|
||||
+++ openssh-5.2p1/sftp-common.c 2009-07-24 07:11:29.000000000 +0200
|
||||
+++ openssh-5.2p1/sftp-common.c 2009-08-19 23:22:15.000000000 +0200
|
||||
@@ -40,6 +40,7 @@
|
||||
#include "xmalloc.h"
|
||||
#include "buffer.h"
|
||||
@ -149,7 +211,7 @@ diff -up openssh-5.2p1/sftp-common.c.homechroot openssh-5.2p1/sftp-common.c
|
||||
snprintf(gbuf, sizeof gbuf, "%u", (u_int)st->st_gid);
|
||||
diff -up openssh-5.2p1/sftp-server-main.c.homechroot openssh-5.2p1/sftp-server-main.c
|
||||
--- openssh-5.2p1/sftp-server-main.c.homechroot 2009-02-21 22:47:02.000000000 +0100
|
||||
+++ openssh-5.2p1/sftp-server-main.c 2009-07-24 07:11:29.000000000 +0200
|
||||
+++ openssh-5.2p1/sftp-server-main.c 2009-08-19 23:22:15.000000000 +0200
|
||||
@@ -22,11 +22,14 @@
|
||||
#include <stdarg.h>
|
||||
#include <stdio.h>
|
||||
@ -165,3 +227,42 @@ diff -up openssh-5.2p1/sftp-server-main.c.homechroot openssh-5.2p1/sftp-server-m
|
||||
void
|
||||
cleanup_exit(int i)
|
||||
{
|
||||
diff -up openssh-5.2p1/sshd_config.0.homechroot openssh-5.2p1/sshd_config.0
|
||||
--- openssh-5.2p1/sshd_config.0.homechroot 2009-08-19 23:22:14.000000000 +0200
|
||||
+++ openssh-5.2p1/sshd_config.0 2009-08-19 23:31:26.000000000 +0200
|
||||
@@ -112,6 +112,14 @@ DESCRIPTION
|
||||
essary if the in-process sftp server is used (see Subsystem for
|
||||
details).
|
||||
|
||||
+ In the special case when only sftp is used, not ssh nor scp, it
|
||||
+ is possible to use ChrootDirectory %h or ChrootDirectory
|
||||
+ /some/path/%u. The file system containing this directory must be
|
||||
+ mounted with options nodev and either nosuid or noexec. The owner
|
||||
+ of the directory should be the user. The ownership of the other
|
||||
+ components of the path must fulfill the usual conditions. No adi-
|
||||
+ tional files are required to be present in the directory.
|
||||
+
|
||||
The default is not to chroot(2).
|
||||
|
||||
Ciphers
|
||||
diff -up openssh-5.2p1/sshd_config.5.homechroot openssh-5.2p1/sshd_config.5
|
||||
--- openssh-5.2p1/sshd_config.5.homechroot 2009-08-19 23:22:14.000000000 +0200
|
||||
+++ openssh-5.2p1/sshd_config.5 2009-08-19 23:22:15.000000000 +0200
|
||||
@@ -219,6 +219,17 @@ in-process sftp server is used (see
|
||||
.Cm Subsystem
|
||||
for details).
|
||||
.Pp
|
||||
+In the special case when only sftp is used, not ssh nor scp,
|
||||
+it is possible to use
|
||||
+.Cm ChrootDirectory
|
||||
+%h or
|
||||
+.Cm ChrootDirectory
|
||||
+/some/path/%u. The file system containing this directory must be
|
||||
+mounted with options nodev and either nosuid or noexec. The owner of the
|
||||
+directory should be the user. The ownership of the other components of the path
|
||||
+must fulfill the usual conditions. No aditional files are required to be present
|
||||
+in the directory.
|
||||
+.Pp
|
||||
The default is not to
|
||||
.Xr chroot 2 .
|
||||
.It Cm Ciphers
|
||||
|
||||
@ -63,7 +63,7 @@
|
||||
Summary: An open source implementation of SSH protocol versions 1 and 2
|
||||
Name: openssh
|
||||
Version: 5.2p1
|
||||
Release: 23%{?dist}%{?rescue_rel}
|
||||
Release: 24%{?dist}%{?rescue_rel}
|
||||
URL: http://www.openssh.com/portable.html
|
||||
#Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
|
||||
#Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
|
||||
@ -468,6 +468,9 @@ fi
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Mon Sep 7 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-24
|
||||
- Add check for nosuid, nodev in homechroot
|
||||
|
||||
* Tue Sep 1 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-23
|
||||
- add correct patch for ip-opts
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user