Adam Jensen <han...@riseup.net> writes:
> On 10/04/2016 11:09 PM, Russ Allbery wrote:
>> I'll bet that /bin/sh in your chroot is not the same as /bin/sh outside
>> your chroot, it's not recognizing this shell built-in, and libc is
>> incorrectly interpreting this as a syntax error.
> This is an interesting statement. There isn't anything inside the
> chrootpath directory. That is,
> pwd
> /usr/local/chroot
> ls
> banks/
> Should there be a '/usr/local/chroot/bin/sh'? If so, what else needs to
> be in the chrootpath?
Yeah, sadly you need a bunch of stuff in the chroot because you have to
execute the server end of scp or whatever in the chroot. So it needs all
of its libraries and so forth.
The mkchroot.sh script in the distribution does an okay job for Linux
systems but is probably missing a ton of stuff for FreeBSD. There's a
bunch more details in the CHROOT file.
BTW, the wordexp thing is also discussed there:
IMPORTANT NOTE ABOUT wordexp() IMPLEMENTATIONS: rssh requires a
working implementation of the wordexp() library function, specified by
POSIX.2 (or whatever they're calling it these days). A number of
vendors ship a version of wordexp() that execvp()'s the system shell
in order to expand the arguments. This means that if you are using
such a platform, you'll need to copy their system shell into the
chroot jail, along with all the other necessary files. The symptoms
of this problem are:
1. When a user logs in, they immediately get "Connection closed."
2. In the system logs, rssh reports "error expanding arguments for
user ..."
For Solaris 9, the required shell is /bin/ksh. For AIX 5.2, you need
/usr/bin/ksh93. FreeBSD also has this problem, but I don't know what
the default system shell is on FreeBSD. Other platforms will probably
also experience this problem. If you need help determining which shell
to include, try running rssh with strace or truss, whichever your
system has. See the relevant manpages for details.
Also, I feel obligated to warn that rssh may be inherently insecure on
FreeBSD given this statement in the wordexp(3) manual page:
Do not pass untrusted user data to wordexp(), regardless of whether
the WRDE_NOCMD flag is set. The wordexp() function attempts to
detect input that would cause commands to be executed before passing
it to the shell but it does not use the same parser so it may be
fooled.
This is exactly what rssh does and has to do, so if there are indeed such
flaws, they would allow an authenticated attacker to bypass all of the
command restrictions (although, at least in theory, not the chroot).
--
Russ Allbery (ea...@eyrie.org) <http://www.eyrie.org/~eagle/>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
rssh-discuss mailing list
rssh-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rssh-discuss
