Secure Shell
Questions about ChrootDirectory Jan 10 2011 09:16PM
Mike Kelly (mike pair com)

I'm aware of the fact that ChrootDirectory requires that the target
directory is root-owned, and I think I've mostly understood why that is
necessary, at least within the context of someone who has full shell
access. However, I am wondering if that possibility for privilege
escalation still exists with a configuration like this:

Match Group sftp
ForceCommand internal-sftp
ChrootDirectory %h

Assuming some patch were applied to openssh to allow ChrootDirectory to
work here on a non-root-owned home directory, wouldn't this mean that
any user in the sftp group would only be able to manipulate files
within their home directory, and nothing else? Is there some potential
for privilege escalation or execution of commands that I've missed?

And, just to confirm, am I correct in understanding that scp will not
work with this configuration, since scp wants a shell?


Mike Kelly

Copyright 2010, SecurityFocus