Date: Thu, 11 Jan 2018 21:33:59 +0000 From: halfdog <me@...fdog.net> To: oss-security@...ts.openwall.com Subject: OpenSSH sftp remote code execution in chroot mode in VERY RARE cases Hello list, This sounds worse, but it is not. And it is public anyway, so FYI: With internal-sftp and chroot, sftp still attempts to execute code from /etc/ssh/sshrc. See  for more information on testing the issue. It will only affect you when using a writable chroot (which is already documented in man-pages to be insecure) but also some strange configuration settings, e.g. when using ChrootDirectory /home as recommended in  and having a user named "etc" and "bin" created. When creating a user "proc" that way, another issue prohibits closing of inherited file descriptors, that then again may leak to the two other users. hd  https://www.halfdog.net/Security/2018/OpensshSftpChrootCodeExecution/  https://www.tecmint.com/restrict-sftp-user-home-directories-using-chroot/
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.