Hello everyone,
While reading proftpd's documentation, I came across something regarding their DefaultRoot option, which makes a chroot call to put them in a chroot jail at login:
I'm still in the process of setting up webhosting. This says if they have shell access, they're able to make a symlink, and possibly exploit the issue. I wasn't planning on giving them shell access at all, but possibly restricted CGI access (via sbox, a cgi wrapper, which also chroots the script to their home directory, and I might add that I set that up successfullyWhen the specified chroot directory is a symlink this will be resolved to it's parent first before setting up the chroot. This can have unwanted side effects. For example if a chroot is to be configured within space to which a user as shell access, the chroot directory could be converted to a symlink pointing at '/'. Thus the chroot would be to the root directory of the server.
(Originally from http://proftpd.linux.co.uk/docs/dire...faultRoot.html))
So, would that security hole be an issue even if I only give them a 'jailed' home directory and 'jailed' cgi script access?
Thanks
-Mike
Reply With Quote