Public bug reported:

The binary file (scponlyc) used for chrooted environments does not have the SUID bit enabled. This way nobody is able to log in, as the chroot cannot be performed with user privileges.

Installed package:
ii scponly 4.6-1 Restricts the commands available to scp- and sftp-users

Created a chrooted user with:
/usr/share/doc/scponly/setup_chroot/setup_chroot.sh.gz

---------- Messages in auth.log ----------------
Jun 27 09:21:03 vde sshd[16532]: Accepted password for USERXXX from XXX.XXX.XXX.XXX port 2475 ssh2
Jun 27 09:21:03 vde sshd[16534]: (pam_unix) session opened for user USERXXX by (uid=0)
Jun 27 09:21:03 vde sshd[16534]: subsystem request for sftp
Jun 27 09:21:03 vde scponly[16535]: chrooted binary in place, will chroot()
Jun 27 09:21:03 vde scponly[16535]: 3 arguments in total.
Jun 27 09:21:03 vde scponly[16535]: ^Iarg 0 is scponlyc
Jun 27 09:21:03 vde scponly[16535]: ^Iarg 1 is -c
Jun 27 09:21:03 vde scponly[16535]: ^Iarg 2 is /usr/lib/openssh/sftp-server
Jun 27 09:21:03 vde scponly[16535]: opened log at LOG_AUTHPRIV, opts 0x00000029
Jun 27 09:21:03 vde scponly[16535]: retrieved home directory of "/home/USERXXX" for user "USERXXX"
Jun 27 09:21:03 vde scponly[16535]: chrooting to dir: "/home/USERXXX"
Jun 27 09:21:04 vde scponly[16535]: chroot: Operation not permitted
Jun 27 09:21:04 vde scponly[16535]: couldn't chroot to /home/USERXXX [username: USERXXX(1003), IP/port: XXX.XXX.XXX.XXX 2475 22]
Jun 27 09:21:04 vde sshd[16534]: (pam_unix) session closed for user USERXXX
-------------------------------------------

Solution
chmod u+s /usr/sbin/scponlyc

** Affects: scponly (Ubuntu)
Importance: Untriaged
Status: Unconfirmed

--
scponlyc has SUID not set
https://launchpad.net/bugs/51085

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
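The following audit script is an added example, not part of the bug report or of the scponly package. It checks the condition the report describes (setuid bit missing on the chroot helper) together with the ownership and write-permission properties a setuid binary should have. The function name check_suid_helper and its optional expected-uid argument are hypothetical, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the bug report): audit a helper that must be
# setuid root before it can call chroot(), such as /usr/sbin/scponlyc.
# check_suid_helper is a hypothetical name; GNU stat(1) is assumed.

# usage: check_suid_helper PATH [EXPECTED_OWNER_UID]
# returns 0 = usable and safely installed, 1 = findings, 2 = cannot inspect
check_suid_helper() {
    path=$1
    want_uid=${2:-0}    # 0 (root) in production; overridable for testing

    [ -f "$path" ] || { echo "$path: not a regular file"; return 2; }
    meta=$(stat -c '%u %a' "$path") || { echo "$path: stat failed"; return 2; }
    uid=${meta%% *}     # owner uid
    mode=${meta##* }    # octal mode, special bits included (e.g. 4755)
    rc=0

    # Without the setuid bit the process keeps the caller's uid and
    # chroot() fails with "Operation not permitted", as in the auth.log above.
    [ -u "$path" ] || {
        echo "$path: setuid bit not set (mode $mode); fix: chmod u+s $path"
        rc=1
    }

    # setuid only helps if the owner is the privileged account.
    [ "$uid" = "$want_uid" ] || {
        echo "$path: owned by uid $uid, expected $want_uid"
        rc=1
    }

    # A setuid binary that group/other can write can be replaced by them.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "$path: writable by group or other (mode $mode)"
        rc=1
    fi

    return $rc
}

# Run as: sh check.sh /usr/sbin/scponlyc
if [ "$#" -gt 0 ]; then
    check_suid_helper "$@"
fi
```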