From owner-freebsd-security Thu Dec 19 6:27:29 2002
Date: Thu, 19 Dec 2002 15:27:24 +0100
From: Pawel Jakub Dawidek
To: Alexandr Kovalenko
Cc: freebsd-security@freebsd.org
Subject: Re: OpenSSH's sftp and chroot
Message-ID: <20021219142724.GG12563@garage.freebsd.pl>
In-Reply-To: <20021122134324.GA24134@nevermind.kiev.ua>

On Fri, Nov 22, 2002 at 03:43:24PM +0200, Alexandr Kovalenko wrote:
+> [I'm again not sure, which list is more appropriate place for asking this
+> question]
+>
+> Will OpenSSH's sftp-server have support for chroot anytime soon in
+> RELENG_4{_X} ? Because of lack of this feature I have to use ssh.com's
+> ssh, which is what I do not like.

Look at my patch for OpenSSH 3.4p1:

	http://garage.freebsd.pl/openssh.README
	http://garage.freebsd.pl/openssh.tgz

With this patch You can chroot/jail selected users or groups (see README).

-- 
Pawel Jakub Dawidek
UNIX Systems Administrator
http://garage.freebsd.pl
Am I Evil? Yes, I Am.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu Dec 19 6:33:34 2002
Message-Id: <5.2.0.9.0.20021219093506.046e4660@marble.sentex.ca>
Date: Thu, 19 Dec 2002 09:36:25 -0500
To: Pawel Jakub Dawidek
From: Mike Tancsa
Subject: Re: OpenSSH's sftp and chroot
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <20021219142724.GG12563@garage.freebsd.pl>

Have you approached the openssh folks about integrating your patch into
their tree ? This would be a nice "standard" thing to have ? Or, what
about inclusion in the FreeBSD tree ?

        ---Mike

At 03:27 PM 19/12/2002 +0100, Pawel Jakub Dawidek wrote:
>On Fri, Nov 22, 2002 at 03:43:24PM +0200, Alexandr Kovalenko wrote:
>+> [I'm again not sure, which list is more appropriate place for asking this
>+> question]
>+>
>+> Will OpenSSH's sftp-server have support for chroot anytime soon in
>+> RELENG_4{_X} ? Because of lack of this feature I have to use ssh.com's
>+> ssh, which is what I do not like.
>
>Look at my patch for OpenSSH 3.4p1:
>
>         http://garage.freebsd.pl/openssh.README
>         http://garage.freebsd.pl/openssh.tgz
>
>With this patch You can chroot/jail selected users or groups (see README).
>
>--
>Pawel Jakub Dawidek
>UNIX Systems Administrator
>http://garage.freebsd.pl
>Am I Evil? Yes, I Am.

From owner-freebsd-security Thu Dec 19 8: 1:30 2002
Date: Thu, 19 Dec 2002 17:01:28 +0100
From: Pawel Jakub Dawidek
To: Mike Tancsa
Cc: freebsd-security@freebsd.org
Subject: Re: OpenSSH's sftp and chroot
Message-ID: <20021219160128.GI12563@garage.freebsd.pl>
In-Reply-To: <5.2.0.9.0.20021219093506.046e4660@marble.sentex.ca>

On Thu, Dec 19, 2002 at 09:36:25AM -0500, Mike Tancsa wrote:
+>
+> Have you approached the openssh folks about integrating your patch into
+> their tree ? [...]

Ask Niels...

+> [...] This would be a nice "standard" thing to have ? Or, what
+> about inclusion in the FreeBSD tree ?

Adding features like those only for OpenSSH from FreeBSD isn't a good idea IMHO.

-- 
Pawel Jakub Dawidek
UNIX Systems Administrator
http://garage.freebsd.pl
Am I Evil? Yes, I Am.