Package: openssh-server
Version: 1:5.1p1-8
Severity: important

The following patch allows the chroot functionality for sftp (and probably regular logins) to work with SE Linux. After chroot() is called the SE Linux context setting won't work unless /selinux and /proc are mounted in the chroot environment. Even worse, if the user has control over the chroot environment then they may be able to control the context that they get (I haven't verified this).
I have given this severity "important" because being forced to choose between two alternate security features is a bad thing. It's also a bad thing to preclude the possibility of an SE Linux system being used to test a configuration that will later be deployed on a non-SE system.

diff -ru openssh-5.1p1.orig/session.c openssh-5.1p1/session.c --- openssh-5.1p1.orig/session.c 2008-06-16 23:29:18.000000000 +1000 +++ openssh-5.1p1/session.c 2009-11-17 21:13:27.000000000 +1100 @@ -1523,6 +1523,10 @@ # endif /* USE_LIBIAF */ #endif +#ifdef WITH_SELINUX + ssh_selinux_setup_exec_context(pw->pw_name); +#endif + if (options.chroot_directory != NULL && strcasecmp(options.chroot_directory, "none") != 0) { tmp = tilde_expand_filename(options.chroot_directory, @@ -1550,10 +1554,6 @@ #endif if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) fatal("Failed to set uids to %u.", (u_int) pw->pw_uid); - -#ifdef WITH_SELINUX + ssh_selinux_setup_exec_context(pw->pw_name); -#endif }
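Review bot: Moving ssh_selinux_setup_exec_context(pw->pw_name) from after the getuid()/geteuid() check to before the options.chroot_directory test changes more than its position relative to chroot: the call now runs before the uid change that the second hunk's fatal("Failed to set uids to %u.", ...) check guards, so it executes with the pre-drop privileges. The report motivates the move only by the chroot hiding /selinux and /proc, so the hunk should carry a short comment above the new #ifdef WITH_SELINUX block stating that the exec context must be set while those filesystems are still reachable, and the submitter should confirm that the context requested at the new site is still in effect at the later exec after the uid change, since nothing in the visible hunks shows that the two orderings are otherwise equivalent. The new placement also sits outside the chroot_directory conditional, so the non-chroot path is affected as well; that is worth saying explicitly in the submission rather than leaving it implied by "(and probably regular logins)".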