Bug 2556

Summary: on Linux non-root process can chroot
Product: Portable OpenSSH Reporter: Igor Bukanov <igor>
Component: sshdAssignee: Assigned to nobody <unassigned-bugs>
Status: NEW ---    
Severity: minor    
Priority: P5    
Version: 7.1p1   
Hardware: Other   
OS: Linux   

Description Igor Bukanov 2016-03-19 11:01:38 AEDT 
Currently sshd exits with fatal error if it see ChrootDirectory option when running as non-root, https://github.com/openssh/openssh-portable/blob/c38905ba391434834da86abfc988a2b8b9b62477/session.c#L1591 . 

This is wrong on Linux as there non-root process can perform chroot as long as it has SYS_CHROOT effective capability. So the code should either query the capability or the check should be removed as sshd treats any chroot syscall errors as fatal in any case.