[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Jailkit-dev] [bug #38078] [PATCH] Fix: check if executable exists only
From: |
Jiri Horky |
Subject: |
[Jailkit-dev] [bug #38078] [PATCH] Fix: check if executable exists only if it specified as an absolute path |
Date: |
Mon, 14 Jan 2013 09:21:22 +0000 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:10.0.11) Gecko/20100101 Firefox/10.0.11 |
URL:
<http://savannah.nongnu.org/bugs/?38078>
Summary: [PATCH] Fix: check if executable exists only if it
specified as an absolute path
Project: Jailkit
Submitted by: jirihorky
Submitted on: Mon 14 Jan 2013 09:21:21 AM GMT
Category: None
Severity: 3 - Normal
Item Group: None
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
_______________________________________________________
Details:
Hi,
prior to executing a specified command, jk_lsh first checks if the executable
exists. If it does, it THEN checks whether it is in allowed commands or not.
This causes a problem when specifying a relative path to the executable (e.g.
"ssh address@hidden rsync --server") when there is a file/directory with the
same
name as the specified command. In case of rsync, we have "/usr/bin/rsync"
allowed, but if the user has directory called "rsync" in its home, the first
check will succeed (file exists) and checks against list of allowed commands
will fail (because only "/usr/bin/rsync" is allowed) with message:
jk_lsh[7356]: WARNING: user USER (1000) tried to run 'rsync --server', which
is not allowed according to /etc/jailkit/jk_lsh.ini
The attached patch fixes this behavior by checking if executable exists only
if it is specified as an absolute path.
The patch was actually written by my colleague Lukas Hejtmanek.
Regards
Jiri Horky
_______________________________________________________
File Attachments:
-------------------------------------------------------
Date: Mon 14 Jan 2013 09:21:21 AM GMT Name: jailkit-current-dir-path.diff
Size: 461B By: jirihorky
<http://savannah.nongnu.org/bugs/download.php?file_id=27256>
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/bugs/?38078>
_______________________________________________
Message sent via/by Savannah
http://savannah.nongnu.org/
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Jailkit-dev] [bug #38078] [PATCH] Fix: check if executable exists only if it specified as an absolute path,
Jiri Horky <=