2 files changed, 44 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index 91e6ff030..dd8602954 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+20080518
+ - (djm) OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2008/04/04 05:14:38
+     [sshd_config.5]
+     ChrootDirectory is supported in Match blocks (in fact, it is most useful
+     there). Spotted by Minstrel AT minstrel.org.uk
 20080403
 - (djm) [openbsd-compat/bsd-poll.c] Include stdlib.h to avoid compile-
   time warnings on LynxOS. Patch from ops AT iki.fi
@@ -3857,4 +3864,4 @@
   OpenServer 6 and add osr5bigcrypt support so when someone migrates
   passwords between UnixWare and OpenServer they will still work. OK dtucker@
-$Id: ChangeLog,v 1.4905 2008/05/16 00:01:54 djm Exp $
+$Id: ChangeLog,v 1.4906 2008/05/19 04:27:42 djm Exp $
diff --git a/sshd_config.5 b/sshd_config.5
index 245ed946f..be3869713 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.84 2008/03/25 11:58:02 djm Exp $
+.\" $OpenBSD: sshd_config.5,v 1.85 2008/04/04 05:14:38 djm Exp $
-.Dd $Mdocdate: March 25 2008 $
+.Dd $Mdocdate: April 4 2008 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -210,6 +210,29 @@ in-process sftp server is used (see
 .Cm Subsystem
 for details).
 .Pp
+Please note that there are many ways to misconfigure a chroot environment
+in ways that compromise security.
+These include:
+.Pp
+.Bl -dash -offset indent -compact
+.It
+Making unsafe setuid binaries available;
+.It
+Having missing or incorrect configuration files in the chroot's
+.Pa /etc
+directory;
+.It
+Hard-linking files between the chroot and outside;
+.It
+Leaving unnecessary
+.Pa /dev
+nodes accessible inside the chroot (especially those for physical drives);
+.It
+Executing scripts or binaries inside the chroot from outside, either
+directly or through facilities such as
+.Xr cron 8 .
+.El
+.Pp
 The default is not to
 .Xr chroot 2 .
 .It Cm Ciphers
@@ -340,6 +363,11 @@ Specifying a command of
 will force the use of an in-process sftp server that requires no support
 files when used with
 .Cm ChrootDirectory .
+Note that
+.Dq internal-sftp
+is only supported when
+.Cm UsePrivilegeSeparation
+is enabled.
 .It Cm GatewayPorts
 Specifies whether remote hosts are allowed to connect to ports
 forwarded for the client.
@@ -563,6 +591,7 @@ keyword.
 Available keywords are
 .Cm AllowTcpForwarding ,
 .Cm Banner ,
+.Cm ChrootDirectory ,
 .Cm ForceCommand ,
 .Cm GatewayPorts ,
 .Cm GSSApiAuthentication ,
@@ -801,6 +830,11 @@ server.
 This may simplify configurations using
 .Cm ChrootDirectory
 to force a different filesystem root on clients.
+Note that
+.Dq internal-sftp
+is only supported when
+.Cm UsePrivilegeSeparation
+is enabled.
 .Pp
 By default no subsystems are defined.
 Note that this option applies to protocol version 2 only.

diff --git a/ChangeLog b/ChangeLog index 91e6ff030..dd8602954 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -1,3 +1,10 @@
		1	20080518
		2	- (djm) OpenBSD CVS Sync
		3	- djm@cvs.openbsd.org 2008/04/04 05:14:38
		4	[sshd_config.5]
		5	ChrootDirectory is supported in Match blocks (in fact, it is most useful
		6	there). Spotted by Minstrel AT minstrel.org.uk
		7
1	20080403	8	20080403
2	- (djm) [openbsd-compat/bsd-poll.c] Include stdlib.h to avoid compile-	9	- (djm) [openbsd-compat/bsd-poll.c] Include stdlib.h to avoid compile-
3	time warnings on LynxOS. Patch from ops AT iki.fi	10	time warnings on LynxOS. Patch from ops AT iki.fi
@@ -3857,4 +3864,4 @@
3857	OpenServer 6 and add osr5bigcrypt support so when someone migrates	3864	OpenServer 6 and add osr5bigcrypt support so when someone migrates
3858	passwords between UnixWare and OpenServer they will still work. OK dtucker@	3865	passwords between UnixWare and OpenServer they will still work. OK dtucker@
3859		3866
3860	$Id: ChangeLog,v 1.4905 2008/05/16 00:01:54 djm Exp $	3867	$Id: ChangeLog,v 1.4906 2008/05/19 04:27:42 djm Exp $


diff --git a/sshd_config.5 b/sshd_config.5 index 245ed946f..be3869713 100644 --- a/sshd_config.5 +++ b/sshd_config.5
@@ -34,8 +34,8 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: sshd_config.5,v 1.84 2008/03/25 11:58:02 djm Exp $	37	.\" $OpenBSD: sshd_config.5,v 1.85 2008/04/04 05:14:38 djm Exp $
38	.Dd $Mdocdate: March 25 2008 $	38	.Dd $Mdocdate: April 4 2008 $
39	.Dt SSHD_CONFIG 5	39	.Dt SSHD_CONFIG 5
40	.Os	40	.Os
41	.Sh NAME	41	.Sh NAME
@@ -210,6 +210,29 @@ in-process sftp server is used (see
210	.Cm Subsystem	210	.Cm Subsystem
211	for details).	211	for details).
212	.Pp	212	.Pp
		213	Please note that there are many ways to misconfigure a chroot environment
		214	in ways that compromise security.
		215	These include:
		216	.Pp
		217	.Bl -dash -offset indent -compact
		218	.It
		219	Making unsafe setuid binaries available;
		220	.It
		221	Having missing or incorrect configuration files in the chroot's
		222	.Pa /etc
		223	directory;
		224	.It
		225	Hard-linking files between the chroot and outside;
		226	.It
		227	Leaving unnecessary
		228	.Pa /dev
		229	nodes accessible inside the chroot (especially those for physical drives);
		230	.It
		231	Executing scripts or binaries inside the chroot from outside, either
		232	directly or through facilities such as
		233	.Xr cron 8 .
		234	.El
		235	.Pp
213	The default is not to	236	The default is not to
214	.Xr chroot 2 .	237	.Xr chroot 2 .
215	.It Cm Ciphers	238	.It Cm Ciphers
@@ -340,6 +363,11 @@ Specifying a command of
340	will force the use of an in-process sftp server that requires no support	363	will force the use of an in-process sftp server that requires no support
341	files when used with	364	files when used with
342	.Cm ChrootDirectory .	365	.Cm ChrootDirectory .
		366	Note that
		367	.Dq internal-sftp
		368	is only supported when
		369	.Cm UsePrivilegeSeparation
		370	is enabled.
343	.It Cm GatewayPorts	371	.It Cm GatewayPorts
344	Specifies whether remote hosts are allowed to connect to ports	372	Specifies whether remote hosts are allowed to connect to ports
345	forwarded for the client.	373	forwarded for the client.
@@ -563,6 +591,7 @@ keyword.
563	Available keywords are	591	Available keywords are
564	.Cm AllowTcpForwarding ,	592	.Cm AllowTcpForwarding ,
565	.Cm Banner ,	593	.Cm Banner ,
		594	.Cm ChrootDirectory ,
566	.Cm ForceCommand ,	595	.Cm ForceCommand ,
567	.Cm GatewayPorts ,	596	.Cm GatewayPorts ,
568	.Cm GSSApiAuthentication ,	597	.Cm GSSApiAuthentication ,
@@ -801,6 +830,11 @@ server.
801	This may simplify configurations using	830	This may simplify configurations using
802	.Cm ChrootDirectory	831	.Cm ChrootDirectory
803	to force a different filesystem root on clients.	832	to force a different filesystem root on clients.
		833	Note that
		834	.Dq internal-sftp
		835	is only supported when
		836	.Cm UsePrivilegeSeparation
		837	is enabled.
804	.Pp	838	.Pp
805	By default no subsystems are defined.	839	By default no subsystems are defined.
806	Note that this option applies to protocol version 2 only.	840	Note that this option applies to protocol version 2 only.