jailkit-dev
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Jailkit-dev] [bug #38078] [PATCH] Fix: check if executable exists only


From: Jiri Horky
Subject: [Jailkit-dev] [bug #38078] [PATCH] Fix: check if executable exists only if it specified as an absolute path
Date: Mon, 14 Jan 2013 09:21:22 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.11) Gecko/20100101 Firefox/10.0.11

URL:
  <http://savannah.nongnu.org/bugs/?38078>

                 Summary: [PATCH] Fix: check if executable exists only if it
specified as an absolute path
                 Project: Jailkit
            Submitted by: jirihorky
            Submitted on: Mon 14 Jan 2013 09:21:21 AM GMT
                Category: None
                Severity: 3 - Normal
              Item Group: None
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any

    _______________________________________________________

Details:

Hi,

prior to executing a specified command, jk_lsh first checks if the executable
exists. If it does, it THEN checks whether it is in allowed commands or not.
This causes a problem when specifying a relative path to the executable (e.g.
"ssh address@hidden rsync --server") when there is a file/directory with the 
same
name as the specified command. In case of rsync, we have "/usr/bin/rsync"
allowed, but if the user has directory called "rsync" in its home, the first
check will succeed (file exists) and checks against list of allowed commands
will fail (because only "/usr/bin/rsync" is allowed) with message:

jk_lsh[7356]: WARNING: user USER (1000) tried to run 'rsync --server', which
is not allowed according to /etc/jailkit/jk_lsh.ini

The attached patch fixes this behavior by checking if executable exists only
if it is specified as an absolute path.


The patch was actually written by my colleague Lukas Hejtmanek.

Regards
Jiri Horky



    _______________________________________________________

File Attachments:


-------------------------------------------------------
Date: Mon 14 Jan 2013 09:21:21 AM GMT  Name: jailkit-current-dir-path.diff 
Size: 461B   By: jirihorky

<http://savannah.nongnu.org/bugs/download.php?file_id=27256>

    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?38078>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.nongnu.org/




reply via email to

[Prev in Thread] Current Thread [Next in Thread]