Original patch by Ricardo Cerqueira Updated by James Dennis for openssh-3.5 A patch to cause sshd to chroot when it encounters the magic token '/./' in a users home directory. The directory portion before the token is the directory to chroot() to, the portion after the token is the user's home directory relative to the new root. Patch source using: patch -p0 < /path/to/patch Systems with a bad diff (doesn't understand -u or -N) should use gnu diff. Solaris may store this as gdiff under /opt/sfw/bin. I can't say much about other systems (unless you email me your experiences!).
================================================================================
diff -uNr openssh-3.5p1/session.c openssh-3.5p1-chroot/session.c
--- openssh-3.5p1/session.c Wed Sep 25 20:38:50 2002
+++ openssh-3.5p1-chroot/session.c Fri Jan 17 13:56:51 2003
@@ -58,6 +58,9 @@
 #include "session.h"
 #include "monitor_wrap.h"
+/* Maybe one day I'll get frisky and add something to configure to do this */
+#define CHROOT
+
 #ifdef HAVE_CYGWIN
 #include
 #include
@@ -1195,6 +1198,12 @@
 void
 do_setusercontext(struct passwd *pw)
 {
+
+#ifdef CHROOT
+ char *user_dir;
+ char *new_root;
+#endif /* CHROOT */
+
 #ifdef HAVE_CYGWIN
 if (is_winnt) {
 #else /* HAVE_CYGWIN */
@@ -1231,6 +1240,28 @@
 exit(1);
 }
 endgrent();
+
+
+#ifdef CHROOT
+ user_dir = xstrdup(pw->pw_dir);
+ new_root = user_dir + 1;
+
+ while((new_root = strchr(new_root, '.')) != NULL) {
+ new_root--;
+ if(strncmp(new_root, "/./", 3) == 0) {
+ *new_root = '\0';
+ new_root += 2;
+
+ if(chroot(user_dir) != 0)
+ fatal("Couldn't chroot to user directory %s", user_dir);
+
+ pw->pw_dir = new_root;
+ break;
+ }
+ new_root += 2;
+ }
+#endif /* CHROOT */
+
 # ifdef USE_PAM
 /*
 * PAM credentials may take the form of supplementary groups.
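Review bot: The `chroot(user_dir)` call in the third hunk (@@ -1231) is not followed by a `chdir("/")`, so the process keeps a working directory that lies outside the new root until something later in the session changes it; add `if (chdir("/") != 0) fatal("Couldn't chdir to new root %s", user_dir);` immediately after the chroot succeeds. The scan also begins at `user_dir + 1`, which reads past the terminator if `pw_dir` is ever the empty string — presumably rare, but wrapping the search in `if (*user_dir != '\0')` costs one line. `pw->pw_dir` is repointed into the `xstrdup`'d buffer, so `user_dir` is deliberately never freed; a comment such as `/* user_dir is owned by pw->pw_dir from here on; do not free */` would keep a later cleanup from introducing a use-after-free. The body of `do_setusercontext` continues outside the hunk.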