I need to use sftp-only accounts, chroot()ed in their home dirs, on AIX 5.3 with OpenSSH_5.2p1. But there is a problem with the chroot() call. In the do_setusercontext() function, chroot() is called after the setpcred() (only AIX is concerned by the setpcred() call), so privileges are already dropped when chroot() is called. When not calling setpcred(), the chroot() does not fail and the privileges are dropped anyway within the permanently_set_uid() call, just after the safely_chroot() call. Is the setpcred() really useful?
This is related to [Bug 1575] OpenSSH 5.2p1 failure using ChrootDirectory option on AIX.
*** Bug 1575 has been marked as a duplicate of this bug. ***
Created attachment 1661 [details] move setpcred (and usrinfo) on AIX to after chroot
I think the usefulness of setpcred depends on which LAMs you have on your system. We can probably move the setpcred to after the chroot.
Created attachment 1662 [details] override the real uid in setpcred and leave it to permanently_set_uid to set
Hrm, except that doesn't seem to actually work. This one seems to, though.
Comment on attachment 1662 [details] override the real uid in setpcred and leave it to permanently_set_uid to set >--- session.c 21 Jun 2009 09:50:08 -0000 1.383 >+++ session.c 12 Jul 2009 14:04:22 -0000 ... > #ifdef HAVE_SETPCRED >- if (setpcred(pw->pw_name, (char **)NULL) == -1) >+ /* set all creds except real user ID */ >+ char *creds[] = { "REAL_USER=root", NULL }; Maybe mention that RUID=root is needed for chroot() in the comment.
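Review bot: in the HAVE_SETPCRED block, the new creds[] array holding "REAL_USER=root" takes the place of the line that tested `setpcred(...) == -1`, and the quoted excerpt ends before any replacement call is visible, so confirm that the call taking creds still checks for -1 and treats failure as fatal. Since the override leaves the real UID as root until permanently_set_uid() sets it, the comment should state that dependency as well as the chroot() reason, so a later reordering does not leave the real UID unset.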
Created attachment 1669 [details] Same as #1662, but only override if chroot directory is set.
Added comment as suggested, also made behave differently only if needed (ie chroot directory set).
Apparently I'm a moron and pasted this into the wrong bug last time: I think the patch in bug #1249 will also solve it: it uses setpcred to set up everything in the LAM except for real userid, and then lets permanently_set_uid() take care of the latter. Anyway, target 5.3 for David's fix (ie moving setpcred).
Fixed with the patch from bug #1249, which will be in the 5.3p1 release. Thanks for the report.
Mass move of RESOLVED bugs to CLOSED now that 5.3 is out.
Created attachment 1728 [details] truss log on AIX 6.1
Created attachment 1729 [details] patch for setpcred with chroot
I tested openssh-5.3p1 on 3 machines:
AIX ... 1 5 004036AA4C00
AIX ... 3 5 0040D7CB4C00
AIX ... 1 6 0003EADAD300
On each of them I got the same result:
...
debug3: safely_chroot: checking '/home/test'
Changed root directory to "/home/test"
Failed to set process credentials
Then it quits. I attached the truss log from AIX 6.1 (truss_log.txt). I also attached the fix that worked for me (this code was posted already in https://bugzilla.mindrot.org/attachment.cgi?id=1669 ). I call setpcred before chroot.
Look at this (again) for 5.4
*** Bug 1678 has been marked as a duplicate of this bug. ***
Created attachment 1807 [details] Updated AIX setpcred/chroot patch
Patch applied, will be in 5.4p1
With the release of 5.4p1, this bug is now considered closed.
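The ordering problem reported in this bug, shown as an added example that is not OpenSSH code and not one of the patches attached here: chroot() needs root, so confinement has to happen before the credential drop, and the drop is then checked to be irreversible. The function names are hypothetical, and plain POSIX setgroups()/setgid()/setuid() stand in for the AIX setpcred() call, which is an assumption made so the code builds on any Unix.

```c
#define _DEFAULT_SOURCE          /* exposes chroot() and setgroups() on glibc */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: confine to dir, then drop to uid/gid for good.
 * Returns 0 on success, -1 with errno set on failure. */
int confine_then_drop(const char *dir, uid_t uid, gid_t gid)
{
    /* chroot() needs root, so it runs before any credential change. */
    if (chroot(dir) == -1 || chdir("/") == -1)
        return -1;
    /* Groups first, uid last: once the uid is gone, so is the right
     * to change groups. */
    if (setgroups(1, &gid) == -1 || setgid(gid) == -1 || setuid(uid) == -1)
        return -1;
    /* The drop must be permanent: regaining root has to fail. */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0)) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* The failing order from the report: credentials first, chroot() second. */
int drop_then_confine(const char *dir, uid_t uid, gid_t gid)
{
    if (setgroups(1, &gid) == -1 || setgid(gid) == -1 || setuid(uid) == -1)
        return -1;
    return chroot(dir);      /* fails with EPERM once no longer root */
}

int main(int argc, char **argv)
{
    if (argc != 4) {
        fprintf(stderr, "usage: %s <dir> <uid> <gid>\n", argv[0]);
        return 2;
    }
    uid_t uid = (uid_t)strtoul(argv[2], NULL, 10);
    gid_t gid = (gid_t)strtoul(argv[3], NULL, 10);
    if (confine_then_drop(argv[1], uid, gid) == -1) {
        fprintf(stderr, "confine_then_drop: %s\n", strerror(errno));
        return 1;
    }
    printf("uid=%ld gid=%ld, root is now %s\n", (long)getuid(), (long)getgid(), argv[1]);
    return 0;
}
```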