Mailinglist Archive: opensuse-bugs (4504 mails)

[Bug 965192] openssh: chroot jail for restricted access with SFTP clients fails
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Thu, 04 Feb 2016 19:35:18 +0000
  • Message-id: <bug-965192-21960-0sEP84loNM@http.bugzilla.opensuse.org/>
http://bugzilla.opensuse.org/show_bug.cgi?id=965192
http://bugzilla.opensuse.org/show_bug.cgi?id=965192#c1

--- Comment #1 from Björn Voigt <bjoernv@xxxxxxxx> ---
The problem is caused by the function test_nosuid(char * path, dev_t fs). The
function is part of patch "openssh-6.6p1-sftp_homechroot.patch".

The function is unable to find the bind mount entries in the output of
/bin/mount, because only the "/" mount is processed. Finding bind mounts is not
so easy, because "stat" returns the same filesystem number (st.st_dev) for the
bind mount as for the bind mount origin (see source code of the patch).

Mount options like nodev, noexec and nosuid are evaluated in bind mounts. From
this perspective OpenSSH should not block access to directories configured as
in this bug description.

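The st_dev point from the comment above, as an added illustration (not code from openssh-6.6p1-sftp_homechroot.patch): on a constructed table, a lookup keyed on device number stops at the "/" entry, while a lookup keyed on mount point finds the bind mount's own nosuid option. The /proc/self/mountinfo layout, the function names, the paths and the device numbers are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed mountinfo-style sample: bind mount 40 shares device 8:2 with "/". */
static const char SAMPLE[] =
    "22 1 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw\n"
    "40 22 8:2 /srv/sftp /home/jail rw,nosuid,nodev shared:1 - ext4 /dev/sda2 rw\n";

/* 1 if the comma-separated option list contains "nosuid" as a whole word. */
static int has_nosuid(const char *opts) {
    char hay[260];
    snprintf(hay, sizeof hay, ",%s,", opts);
    return strstr(hay, ",nosuid,") != NULL;
}

/* 1 if path is the mount point mp or lies below it ("/" holds every path). */
static int under(const char *mp, const char *path) {
    size_t n = strcmp(mp, "/") ? strlen(mp) : 0;
    return strncmp(mp, path, n) == 0 && (path[n] == '/' || path[n] == '\0');
}

static const char *next_line(const char *l) {
    return (l = strchr(l, '\n')) ? l + 1 : NULL;
}

/* Keyed on device number: returns at the first entry with that major:minor. */
int nosuid_by_dev(const char *table, const char *dev) {
    char d[32], opts[256];
    for (const char *l = table; l && *l; l = next_line(l))
        if (sscanf(l, "%*d %*d %31s %*s %*s %255s", d, opts) == 2 && !strcmp(d, dev))
            return has_nosuid(opts);
    return -1; /* device not listed */
}

/* Keyed on mount point: the longest one containing path wins, later entry on a tie. */
int nosuid_by_path(const char *table, const char *path) {
    char mp[256], opts[256];
    size_t best = 0;
    int res = -1;
    for (const char *l = table; l && *l; l = next_line(l))
        if (sscanf(l, "%*d %*d %*s %*s %255s %255s", mp, opts) == 2 &&
            under(mp, path) && strlen(mp) >= best) {
            best = strlen(mp);
            res = has_nosuid(opts);
        }
    return res;
}
```

Both functions return 1 for nosuid, 0 for no nosuid and -1 when no entry matches; the prefix test requires a path separator after the mount point, so /home/jailbreak is not treated as lying under /home/jail.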