From f5025c7d4800716b2e47fc26853b72fd32c5f25a Mon Sep 17 00:00:00 2001 From: deraadt Date: Thu, 22 Jan 2015 20:24:41 +0000 Subject: [PATCH] Provide a warning about chroot misuses (which sadly, seem to have become quite popular because shiny). sshd cannot detect/manage/do anything about these cases, best we can do is warn in the right spot in the man page. ok markus --- usr.bin/ssh/sshd_config.5 | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5 index 33c93bc9306..a93344ab461 100644 --- a/usr.bin/ssh/sshd_config.5 +++ b/usr.bin/ssh/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.189 2015/01/13 07:39:19 djm Exp $ -.Dd $Mdocdate: January 13 2015 $ +.\" $OpenBSD: sshd_config.5,v 1.190 2015/01/22 20:24:41 deraadt Exp $ +.Dd $Mdocdate: January 22 2015 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -331,8 +331,10 @@ The default is Specifies the pathname of a directory to .Xr chroot 2 to after authentication. -All components of the pathname must be root-owned directories that are -not writable by any other user or group. +At session startup +.Xr sshd 8 +checks that all components of the pathname are root-owned directories +which are not writable by any other user or group. After the chroot, .Xr sshd 8 changes the working directory to the user's home directory. @@ -369,6 +371,13 @@ inside the chroot directory on some operating systems (see .Xr sftp-server 8 for details). .Pp +For safety, it is very important that the directory heirarchy be +prevented from modification by other processes on the system (especially +those outside the jail). +Misconfiguration can lead to unsafe environments which +.Xr sshd 8 +cannot detect. +.Pp The default is not to .Xr chroot 2 . .It Cm Ciphers -- 2.20.1