https://bugzilla.mindrot.org/show_bug.cgi?id=3428
Bug ID: 3428
Summary: chroot root 755] I wish there was an option to lower
the chroot security. CVE-2009-2904
Product: Portable OpenSSH
Version: 8.9p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: sftp-server
Assignee: [email protected]
Reporter: [email protected]
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2904
https://github.com/openssh/openssh-portable/blob/master/session.c#L1336
The directory to be chrooted must be root 755.
It is inconvenient as it is forced without a way to solve it as an
option.
The CVE content says that you can do something with a combination of
hardlink and setuid,
Isn't this a problem related to openssh that occurs when another
account executes?
I would like to take this vulnerability and make it impossible to
detect the existence of other accounts when logged in.
Please make it an option.
thank you.
if(!options->unsecure_chroot_directory) {
if (st.st_uid != 0 || (st.st_mode & 022) != 0)
--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
