[PATCH] sftp-server (secure) chroot patch, 3.7.1p2 update

4 views
Skip to first unread message

mag...@mandarin.nu

unread,
Sep 30, 2003, 11:53:26 AM9/30/03
to
Hello all,

Here is an updated patch. I published the original patch published on
august 16.

--- openssh-3.7.1p2/sftp-server.c.org 2003-08-22 01:34:41.000000000
+0200
+++ openssh-3.7.1p2/sftp-server.c 2003-09-30 17:22:43.730402000 +0200
@@ -24,6 +24,7 @@
#include \"includes.h\"
RCSID(\"$OpenBSD: sftp-server.c,v 1.43 2003/06/25 22:39:36 miod Exp
$\");

+#define CHROOT
#include \"buffer.h\"
#include \"bufaux.h\"
#include \"getput.h\"
@@ -33,6 +34,15 @@
#include \"sftp.h\"
#include \"sftp-common.h\"

+#ifdef CHROOT
+#include \"uidswap.h\"
+#include <pwd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <string.h>
+#include <unistd.h>
+#endif /* CHROOT */
+
/* helper */
#define get_int64() buffer_get_int64(&iqueue);
#define get_int() buffer_get_int(&iqueue);
@@ -62,6 +72,49 @@
Attrib attrib;
};

+#ifdef CHROOT
+static void
+chroot_init(void)
+{
+ struct passwd *pw;
+ struct stat st;
+
+ /* Sanity checking before chroot */
+ if ((pw = getpwuid(getuid())) == NULL)
+ fatal(\"getpwuid failed for %u\", (u_int)pw->pw_uid );
+
+ /* Sets passwd pointer to null */
+ memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));
+ endpwent();
+
+ if (geteuid() != 0)
+ fatal(\"must be SUID root to use chroot feature\");
+
+ if ((stat(pw->pw_dir, &st)) == -1)
+ fatal(\"cannot stat chroot directory %s: %s\", pw->pw_dir,
strerror(errno));
+
+ if (!S_ISDIR(st.st_mode))
+ fatal(\"%s is not a directory: %s\", pw->pw_dir, strerror(errno));
+
+ /* Drop our privileges */
+ debug3(\"chroot user:group %u:%u\", (u_int)pw->pw_uid,
(u_int)pw->pw_gid);
+
+ /* Change our root directory */
+ if (chroot(pw->pw_dir) == -1)
+ fatal(\"chroot(\\\"%s\\\"): %s\", pw->pw_dir, strerror(errno));
+
+ /* Change dir to prevent chroot break */
+ if (chdir(\"/\") == -1)
+ fatal(\"chdir(\\\"/\\\"): %s\", strerror(errno));
+
+ if (setgid(pw->pw_gid) < 0)
+ fatal(\"setgid failed for %u\", (u_int)pw->pw_gid );
+
+ permanently_set_uid(pw);
+
+}
+#endif /* CHROOT */
+
static int
errno_to_portable(int unixerrno)
{
@@ -1028,15 +1081,19 @@
int in, out, max;
ssize_t len, olen, set_size;

+#ifdef DEBUG_SFTP_SERVER
+ log_init(\"sftp-server\", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH,
0);
+#endif
+
+#ifdef CHROOT
+ chroot_init();
+#endif
+
/* XXX should use getopt */

__progname = ssh_get_progname(av[0]);
handle_init();

-#ifdef DEBUG_SFTP_SERVER
- log_init(\"sftp-server\", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH,
0);
-#endif
-
in = dup(STDIN_FILENO);
out = dup(STDOUT_FILENO);

To apply this patch on OpenSSH 3.7.1p2:
- patch -p0 < sftp-server.patch
- edit Makefile and include uidswap.o in sftp-server
- make sftp-server
- copy sftp-server into your chroot and set u+s

Any problems with it, please share, works ok for me on Solaris 8.

Regards
Magnus

_______________________________________________
openssh-unix-dev mailing list
openssh-...@mindrot.org
http://www.mindrot.org/mailman/listinfo/openssh-unix-dev

Ben Lindstrom

unread,
Sep 30, 2003, 12:01:27 PM9/30/03
to

On Tue, 30 Sep 2003 mag...@mandarin.nu wrote:

> Hello all,
>
> Here is an updated patch. I published the original patch published on
> august 16.
>
> --- openssh-3.7.1p2/sftp-server.c.org 2003-08-22 01:34:41.000000000
> +0200
> +++ openssh-3.7.1p2/sftp-server.c 2003-09-30 17:22:43.730402000 +0200
> @@ -24,6 +24,7 @@
> #include \"includes.h\"

^^^^^^^^^^^^^

Your patch is corrupted.

- Ben

Magnus F

unread,
Sep 30, 2003, 2:12:13 PM9/30/03
to
Is it ok now? Must've been my webmail that added those slashes.

--- openssh-3.7.1p2/sftp-server.c.org 2003-08-22 01:34:41.000000000 +0200
+++ openssh-3.7.1p2/sftp-server.c 2003-09-30 17:22:43.730402000 +0200
@@ -24,6 +24,7 @@
#include "includes.h"


EOF

Reply all
Reply to author
Forward
0 new messages