diff options
| author | Damien Miller <djm@mindrot.org> | 2008-05-19 06:27:42 +0200 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2008-05-19 06:27:42 +0200 |
| commit | 797e3d117f8b4cfed5f066ef88f28826eb8f8b41 (patch) | |
| tree | 31e68a41888e6f799b5bec33fb69b1711878942b | |
| parent | - (djm) Force string arguments to replacement setproctitle() though (diff) | |
| download | openssh-797e3d117f8b4cfed5f066ef88f28826eb8f8b41.tar.xz openssh-797e3d117f8b4cfed5f066ef88f28826eb8f8b41.zip | |
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2008/04/04 05:14:38
[sshd_config.5]
ChrootDirectory is supported in Match blocks (in fact, it is most useful
there). Spotted by Minstrel AT minstrel.org.uk
Diffstat (limited to '')
| -rw-r--r-- | ChangeLog | 9 | ||||
| -rw-r--r-- | sshd_config.5 | 38 |
2 files changed, 44 insertions, 3 deletions
@@ -1,3 +1,10 @@ +20080518 + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2008/04/04 05:14:38 + [sshd_config.5] + ChrootDirectory is supported in Match blocks (in fact, it is most useful + there). Spotted by Minstrel AT minstrel.org.uk + 20080403 - (djm) [openbsd-compat/bsd-poll.c] Include stdlib.h to avoid compile- time warnings on LynxOS. Patch from ops AT iki.fi @@ -3857,4 +3864,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4905 2008/05/16 00:01:54 djm Exp $ +$Id: ChangeLog,v 1.4906 2008/05/19 04:27:42 djm Exp $ diff --git a/sshd_config.5 b/sshd_config.5 index 245ed946f..be3869713 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,8 +34,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.84 2008/03/25 11:58:02 djm Exp $ -.Dd $Mdocdate: March 25 2008 $ +.\" $OpenBSD: sshd_config.5,v 1.85 2008/04/04 05:14:38 djm Exp $ +.Dd $Mdocdate: April 4 2008 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -210,6 +210,29 @@ in-process sftp server is used (see .Cm Subsystem for details). .Pp +Please note that there are many ways to misconfigure a chroot environment +in ways that compromise security. +These include: +.Pp +.Bl -dash -offset indent -compact +.It +Making unsafe setuid binaries available; +.It +Having missing or incorrect configuration files in the chroot's +.Pa /etc +directory; +.It +Hard-linking files between the chroot and outside; +.It +Leaving unnecessary +.Pa /dev +nodes accessible inside the chroot (especially those for physical drives); +.It +Executing scripts or binaries inside the chroot from outside, either +directly or through facilities such as +.Xr cron 8 . +.El +.Pp The default is not to .Xr chroot 2 . .It Cm Ciphers @@ -340,6 +363,11 @@ Specifying a command of will force the use of an in-process sftp server that requires no support files when used with .Cm ChrootDirectory . +Note that +.Dq internal-sftp +is only supported when +.Cm UsePrivilegeSeparation +is enabled. .It Cm GatewayPorts Specifies whether remote hosts are allowed to connect to ports forwarded for the client. @@ -563,6 +591,7 @@ keyword. Available keywords are .Cm AllowTcpForwarding , .Cm Banner , +.Cm ChrootDirectory , .Cm ForceCommand , .Cm GatewayPorts , .Cm GSSApiAuthentication , @@ -801,6 +830,11 @@ server. This may simplify configurations using .Cm ChrootDirectory to force a different filesystem root on clients. +Note that +.Dq internal-sftp +is only supported when +.Cm UsePrivilegeSeparation +is enabled. .Pp By default no subsystems are defined. Note that this option applies to protocol version 2 only. |