From 5d3573ef7a109ee70416fe94db098fe6a769a798 Mon Sep 17 00:00:00 2001 From: SkyperTHC Date: Tue, 3 Mar 2026 06:28:55 +0000 Subject: packetstorm sync --- other/openssh-reverse/contrib/chroot.diff | 61 +++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100644 other/openssh-reverse/contrib/chroot.diff (limited to 'other/openssh-reverse/contrib/chroot.diff') diff --git a/other/openssh-reverse/contrib/chroot.diff b/other/openssh-reverse/contrib/chroot.diff new file mode 100644 index 0000000..d2a42d8 --- /dev/null +++ b/other/openssh-reverse/contrib/chroot.diff @@ -0,0 +1,61 @@ +From: Ricardo Cerqueira + +A patch to cause sshd to chroot when it encounters the magic token +'/./' in a users home directory. The directory portion before the +token is the directory to chroot() to, the portion after the +token is the user's home directory relative to the new root. + +Index: session.c +=================================================================== +RCS file: /var/cvs/openssh/session.c,v +retrieving revision 1.4 +diff -u -r1.4 session.c +--- session.c 2000/04/16 02:31:51 1.4 ++++ session.c 2000/04/16 02:47:55 +@@ -27,6 +27,8 @@ + #include "ssh2.h" + #include "auth.h" + ++#define CHROOT ++ + /* types */ + + #define TTYSZ 64 +@@ -783,6 +785,10 @@ + extern char **environ; + struct stat st; + char *argv[10]; ++#ifdef CHROOT ++ char *user_dir; ++ char *new_root; ++#endif /* CHROOT */ + + #ifndef USE_PAM /* pam_nologin handles this */ + f = fopen("/etc/nologin", "r"); +@@ -799,6 +805,26 @@ + /* Set login name in the kernel. */ + if (setlogin(pw->pw_name) < 0) + error("setlogin failed: %s", strerror(errno)); ++ ++#ifdef CHROOT ++ user_dir = xstrdup(pw->pw_dir); ++ new_root = user_dir + 1; ++ ++ while((new_root = strchr(new_root, '.')) != NULL) { ++ new_root--; ++ if(strncmp(new_root, "/./", 3) == 0) { ++ *new_root = '\0'; ++ new_root += 2; ++ ++ if(chroot(user_dir) != 0) ++ fatal("Couldn't chroot to user directory %s", user_dir); ++ ++ pw->pw_dir = new_root; ++ break; ++ } ++ new_root += 2; ++ } ++#endif /* CHROOT */ + + /* Set uid, gid, and groups. */ + /* Login(1) does this as well, and it needs uid 0 for the "-h" -- cgit v1.3