[prev in list] [next in list] [prev in thread] [next in thread]
List: openssh-bugs
Subject: [Bug 3428] chroot root 755] I wish there was an option to lower the chroot security. CVE-2009-2904
From: bugzilla-daemon () mindrot ! org
Date: 2022-05-01 23:58:25
Message-ID: bug-3428-705-fCdYfJarB0 () https ! bugzilla ! mindrot ! org/
[Download RAW message or body]
https://bugzilla.mindrot.org/show_bug.cgi?id=3428
Damien Miller <djm@mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |WONTFIX
CC| |djm@mindrot.org
--- Comment #1 from Damien Miller <djm@mindrot.org> ---
Sorry, but this has been discussed extensively in the past (e.g. this
thread https://marc.info/?t=122641302700006&r=1&w=2) and we do not
intend to make changes to ChrootDirectory permission requirements.
The CVE you mention occurred because Redhat ignored this and patched
their sshd to relax these requirements. It never affected the version
of OpenSSH that we ship.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic