Re: CHROOT patch openssh3.4p1

From: devnull (nobody@nospam.com)
Date: 07/09/02


From: "devnull" <nobody@nospam.com>
Date: Tue, 9 Jul 2002 13:02:52 +0100

I've managed to get this working but I manually updated the 3.4 source as I
wasn't sure if running patch would correctly update the new version. It
seems to work OK with the chroot patch code from v3.1 and v3.02.

A couple of things I noticed. The chroot patch doesn't work if you have
uselogin set to yes. This is required on Solaris if you have auditing
running otherwise the auditing system will stop you from updating stuff like
cron.

The other thing is that it doesn't work with PrivilageSeparation set to yes.
Interestingly I initially thought it did work, but I've recompiled the code
so frequently that I'm probably getting confused. For the moment I have
PrivilageSeparation turned off.

It's a shame that the chroot functionality is not part of the proper
distribution. I don't think it even appears on the TODO list. I find it hard
to believe its a minor requirement. There must be loads of organisations
under pressure to move away from wuftp and up to ssh.

--
devnull

"Douglas" <cngee_wei@hotmail.com> wrote in message news:74ad2b6f.0207080139.6a95bf3d@posting.google.com... > Hi, > With recent bug found in openssh 3.3 and below, we are being forced > to upgrade to openssh 3.4p1. However, our current version 3.02p1 is > compiled with the chroot patch. Tried compiling with the latest chroot > patch made available by the ever helpful, Nico Kadel Garcia, chroot > patch 3.1p1. The compilation is successful but the chroot is not > working. When I do an ssh connection I am not jailed to the home > directory "/./" > > Any feedback, hints, help anything at all would be most > appreciated. I am desperate. My boss is chasing my back. This has > become high priority in my task list. Thank you so much for your kind > response. > > Regards, > > Douglas



Relevant Pages