Bug 2556 - on Linux non-root process can chroot
Summary: on Linux non-root process can chroot
Status: NEW
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd
Version: 7.1p1
Hardware: Other Linux
Importance: P5 minor
Assignee: Assigned to nobody
Reported: 2016-03-19 11:01 AEDT by Igor Bukanov
Modified: 2016-03-19 11:01 AEDT

Description Igor Bukanov 2016-03-19 11:01:38 AEDT
Currently sshd exits with a fatal error if it sees the ChrootDirectory option when running as non-root: https://github.com/openssh/openssh-portable/blob/c38905ba391434834da86abfc988a2b8b9b62477/session.c#L1591

This is wrong on Linux, as there a non-root process can perform chroot as long as it has the SYS_CHROOT effective capability. So the code should either query the capability, or the check should be removed, as sshd treats any chroot syscall errors as fatal in any case.
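
One way to query the capability mentioned in the report, as an added example that is not OpenSSH code: it asks the kernel via capget(2) whether the calling thread has CAP_SYS_CHROOT (the name the Linux headers give this capability) in its effective set, instead of comparing the UID with 0. The function names `cap_in_effective` and `can_chroot` are hypothetical.

```c
#include <linux/capability.h> /* CAP_SYS_CHROOT, capget(2) structures */
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Is `cap` set in an effective set returned by capget(2)?
 * Version 3 capability data is two 32-bit words per set. */
int cap_in_effective(const struct __user_cap_data_struct data[2], int cap)
{
    if (cap < 0 || cap >= 64)
        return 0;
    return (int)((data[cap / 32].effective >> (cap % 32)) & 1u);
}

/* Returns 1 if the calling thread holds CAP_SYS_CHROOT in its effective
 * set, 0 if it does not, -1 if the kernel query failed. */
int can_chroot(void)
{
    struct __user_cap_header_struct hdr;
    struct __user_cap_data_struct data[2];

    memset(&hdr, 0, sizeof(hdr));
    memset(data, 0, sizeof(data));
    hdr.version = _LINUX_CAPABILITY_VERSION_3;
    hdr.pid = 0; /* 0 = the calling thread */
    if (syscall(SYS_capget, &hdr, data) != 0)
        return -1;
    return cap_in_effective(data, CAP_SYS_CHROOT);
}

int main(void)
{
    int r = can_chroot();

    if (r < 0) {
        perror("capget");
        return 2;
    }
    printf("euid=%ld CAP_SYS_CHROOT effective: %s\n",
           (long)geteuid(), r ? "yes" : "no");
    return r ? 0 : 1;
}
```

The same query also covers the opposite case: a UID 0 process that has dropped CAP_SYS_CHROOT cannot chroot, which a UID comparison would miss.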