Bug 440240 - request to add chroot sftp capabilty into openssh-server
Summary: request to add chroot sftp capabilty into openssh-server
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: openssh
Version: 5.2
Hardware: All
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: Jan F. Chadima
QA Contact: Brian Brock
URL:
Whiteboard:
Depends On: 440043
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-04-02 14:00 UTC by Marcelo Giles
Modified: 2018-10-20 02:38 UTC (History)
16 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-09-02 09:44:45 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2009:1287 0 normal SHIPPED_LIVE Low: openssh security, bug fix, and enhancement update 2009-09-01 09:55:07 UTC

Description Marcelo Giles 2008-04-02 14:00:43 UTC 
+++ This bug was initially created as a clone of Bug #440043 +++

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b4pre)
Gecko/2008030315 Red Hat/3.0b4pre-0.beta3.4.el5 Minefield/3.0b4pre

Description of problem:
Customer is requesting, for security reasons, that we add chroot capability to
our sshd server, more specifically for sftp.

Upstream OpenSSH software version 4.9 recently incorporated this feature.

See release notes and man pages:

http://openssh.org/txt/release-4.9
http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config 

Can we backport this feature into our current version of the openssh-server
package for RHEL?

Version-Release number of selected component (if applicable):


How reproducible:
Always


Steps to Reproduce:
1. Use of current OpenSSH RHEL software

Actual Results:
No chroot environment built in configuration options.

Expected Results:
An openssh-server capable of built in chroot configuration options.

Additional info:

-- Additional comment from tmraz on 2008-04-02 07:42 EST --
Given the state of maintenance of RHEL-4 I am not sure this is appropriate
feature for backport. It would also have to be backported to RHEL-5 first so we
wouldn't regress feature-wise.
Comment 6 LENHOF Jean-Yves 2009-02-20 12:04:27 UTC 
What is the state of this enhancement bug ?
It could be nice to have the chroot feature.
Comment 8 Jan F. Chadima 2009-04-21 10:35:51 UTC 
This feature is being implemented. If everything goes well it should appear in the RHEL 5.4 update package.
Comment 11 LENHOF Jean-Yves 2009-04-24 10:21:22 UTC 
A little precision, because there's no package version, a recent version (or backport of some parts) is necessary to be able to log informations when using this function. 

Version 5.2p1 seems necessary, some informations here :
https://bugzilla.mindrot.org/show_bug.cgi?id=1527

Regards,
Comment 12 Jan F. Chadima 2009-04-27 06:44:01 UTC 
This bug is repaired in Rawhide, not in upstream. While the fix will not be well tested, I don't want it in RHEL.
Comment 13 Jan F. Chadima 2009-04-27 07:13:37 UTC 
I've meant broken logging in last reply.
Comment 18 errata-xmlrpc 2009-09-02 09:44:45 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2009-1287.html
Note You need to log in before you can comment on or make changes to this bug.