Date: Thu, 11 Jan 2018 21:33:59 +0000 From: halfdog <me@...fdog.net> To: oss-security@...ts.openwall.com Subject: OpenSSH sftp remote code execution in chroot mode in VERY RARE cases Hello list, This sounds worse, but it is not. And it is public anyway, so FYI: With internal-sftp and chroot, sftp still attempts to execute code from /etc/ssh/sshrc. See  for more information on testing the issue. It will only affect you when using a writable chroot (which is already documented in man-pages to be insecure) but also some strange configuration settings, e.g. when using ChrootDirectory /home as recommended in  and having a user named "etc" and "bin" created. When creating a user "proc" that way, another issue prohibits closing of inherited file descriptors, that then again may leak to the two other users. hd  https://www.halfdog.net/Security/2018/OpensshSftpChrootCodeExecution/  https://www.tecmint.com/restrict-sftp-user-home-directories-using-chroot/
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ