Original patch by Ricardo Cerqueira Updated by neeo for OpenSSH-4.0p1 A patch to cause sshd to chroot when it encounters the magic token '/./' in a users home directory. The directory portion before the token is the directory to chroot() to, the portion after the token is the user's home directory relative to the new root. Patch source using: patch -p0 < /path/to/patch Systems with a bad diff (doesn't understand -u or -N) should use gnu diff. Solaris may store this as gdiff under /opt/sfw/bin. I can't say much about other systems (unless you email me your experiences!). ================================================================================ diff -urN openssh-4.0p1/session.c openssh-4.0p1-chroot/session.c --- openssh-4.0p1/session.c 2005-03-06 12:38:52.000000000 +0100 +++ openssh-4.0p1-chroot/session.c 2005-03-14 14:52:28.758369584 +0100 @@ -58,6 +58,8 @@ #include "session.h" #include "monitor_wrap.h" +#define CHROOT + #if defined(KRB5) && defined(USE_AFS) #include #endif @@ -1258,6 +1260,11 @@ void do_setusercontext(struct passwd *pw) { +#ifdef CHROOT + char *user_dir; + char *new_root; +#endif /* CHROOT */ + #ifndef HAVE_CYGWIN if (getuid() == 0 || geteuid() == 0) #endif /* HAVE_CYGWIN */ @@ -1315,6 +1322,27 @@ restore_uid(); } #endif + +#ifdef CHROOT + user_dir = xstrdup(pw->pw_dir); + new_root = user_dir + 1; + + while((new_root = strchr(new_root, '.')) != NULL) { + new_root--; + if(strncmp(new_root, "/./", 3) == 0) { + *new_root = '\0'; + new_root += 2; + + if(chroot(user_dir) != 0) + fatal("Couldn't chroot to user's directory %s", user_dir); + pw->pw_dir = new_root; + break; + } + + new_root += 2; + } +#endif /* CHROOT */ + # ifdef USE_PAM /* * PAM credentials may take the form of supplementary groups.