chroot and scp problem

hudo

Active Member
Hello,
I have locked a normal user with login rights into his home directory
(using chroot) and now want to use scp as well.
Logging in via slogin or ssh works flawlessly, and vi works perfectly too.
whoami gives the following response:
/usr/bin/whoami[5]: /usr/bin/id: restricted

Here is the error message after entering
ktrace scp xyz udo@localhost:zzz

Host key verification failed.
lost connection

I use a script for chrooting:
--------------------------------
#!/bin/bash
sudo chroot /home/udo /bin/bash
--------------------------------

Initially I copied the complete /etc tree to /home/udo/etc.
In addition, the following directories/files:

/home/udo/bin/ (contains bash)
/home/udo/root/.ssh
/home/udo/tmp

/home/udo/var:
drwxr-xr-x 6 root wheel 512 May 7 09:03 ./
drwxr-xr-x 12 udo udo 512 May 11 22:29 ../
drwxr-xr-x 3 root wheel 512 Mar 29 2003 empty/
drwxr-xr-x 2 root wheel 512 May 7 09:05 mail/
drwxr-xr-x 2 root wheel 512 May 7 09:37 run/
drwxr-xr-x 3 root wheel 512 May 6 19:20 tmp/

/home/udo/usr/lib:
drwxr-xr-x 2 udo udo 512 May 6 19:39 ./
drwxr-xr-x 6 root wheel 512 May 6 19:41 ../
-r--r--r-- 1 root bin 132237 May 6 14:36 libasn1.so.3.0
-r--r--r-- 1 root bin 624001 May 6 14:36 libc.so.29.0
-r--r--r-- 1 root bin 1001279 May 6 14:36 libcrypto.so.9.0
-r--r--r-- 1 root bin 261165 May 6 14:36 libcurses.so.9.0
-r--r--r-- 1 root bin 42411 May 6 14:36 libdes.so.8.0
-r--r--r-- 1 root bin 12973 May 6 14:36 libkafs.so.11.0
-r--r--r-- 1 root bin 114456 May 6 14:36 libkrb.so.11.0
-r--r--r-- 1 root bin 256673 May 6 14:36 libkrb5.so.5.0
-r--r--r-- 1 root bin 55094 May 6 14:36 libz.so.2.0

/home/udo/usr/libexec:
drwxr-xr-x 2 root wheel 512 May 6 20:16 ./
drwxr-xr-x 6 root wheel 512 May 6 19:41 ../
-r-xr-xr-x 1 root bin 61440 May 6 14:36 ld.so*
-r-xr-xr-x 1 root bin 32768 May 6 19:37 sftp-server*
-r-xr-xr-x 1 root bin 131072 May 6 19:37 ssh-keysign*
-r-xr-xr-x 1 root bin 90112 May 6 20:16 telnetd*

/home/udo/usr/libdata:
drwxr-xr-x 3 root wheel 512 May 6 19:41 ./
drwxr-xr-x 6 root wheel 512 May 6 19:41 ../
drwxr-xr-x 2 root wheel 512 May 6 19:41 ssh/


/home/udo/dev:
drwxr-xr-x 2 root wheel 512 May 6 19:49 ./
drwxr-xr-x 12 udo udo 512 May 11 22:24 ../
crw-rw-rw- 1 root wheel 70, 0 May 6 19:49 crypto
crw-rw-rw- 1 root wheel 2, 2 May 6 14:38 null
crw-rw-rw- 1 root wheel 1, 0 May 6 14:39 tty
crw-rw---- 1 root wheel 8, 0 May 6 14:39 tty00
crw-rw---- 1 root wheel 8, 1 May 6 14:40 tty01
crw-rw---- 1 root wheel 8, 2 May 6 14:40 tty02
crw------- 1 root wheel 12, 0 May 6 14:40 ttyC0
crw------- 1 root wheel 12, 1 May 6 14:40 ttyC1
crw------- 1 root wheel 12, 2 May 6 14:40 ttyC2
crw-rw-rw- 1 root wheel 5, 0 May 6 14:41 ttyp0
crw-rw-rw- 1 root wheel 5, 1 May 6 14:41 ttyp1
crw-rw-rw- 1 root wheel 5, 2 May 6 14:41 ttyp2
crw-rw-rw- 1 root wheel 2, 12 May 6 14:38 zero


/home/udo/usr/bin:
drwxr-xr-x 2 root wheel 512 May 6 20:26 ./
drwxr-xr-x 6 root wheel 512 May 6 19:41 ../
-r-xr-xr-x 1 root bin 90112 May 6 14:35 cp*
-r-xr-xr-x 1 root bin 270336 May 6 14:35 csh*
-r-xr-xr-x 1 root bin 77824 May 6 19:22 df*
-r-xr-xr-x 1 root bin 8192 May 6 14:35 env*
-r-xr-xr-x 1 root bin 102400 May 6 14:35 ftp*
-r-xr-xr-x 1 root wheel 73728 May 6 20:26 grep*
-r-xr-xr-x 1 root bin 116 May 6 14:35 groups*
-r-xr-xr-x 1 root bin 12288 May 6 14:35 id*
-r-xr-xr-x 1 root bin 126976 May 6 19:09 kdump*
-r-xr-xr-x 1 root bin 73728 May 6 19:06 ktrace*
-r-xr-xr-x 1 root bin 73728 May 6 14:35 less*
-r-xr-xr-x 1 root bin 172032 May 6 14:35 ls*
-r-xr-xr-x 1 root bin 77824 May 6 14:35 mkdir*
-r-xr-xr-x 1 root bin 163840 May 6 14:35 mv*
-r-xr-xr-x 1 root bin 237568 May 6 14:35 ncftp*
-r-xr-xr-x 1 root bin 73728 May 6 14:35 pwd*
-r-xr-xr-x 1 root bin 163840 May 6 14:35 rm*
-r-xr-xr-x 1 root bin 69632 May 6 14:35 rmdir*
-r-xr-xr-x 1 root bin 32768 May 6 14:35 scp*
-r-xr-xr-x 1 root bin 315392 May 6 14:35 sh*
-r-xr-xr-x 1 root bin 221184 May 6 14:35 slogin*
-r-xr-xr-x 1 root bin 221184 May 6 14:35 ssh*
-r-xr-xr-x 1 root bin 16384 May 6 14:35 su*
-r-xr-xr-x 1 root bin 286720 May 6 14:35 vi*
-r-xr-xr-x 1 root bin 112 May 6 14:35 whoami*

Here is the (abbreviated) output of
ktrace scp xyz udo@localhost:zzz

---------------------------------------------
19184 ktrace RET ktrace 0
19184 ktrace CALL execve(0xcfbfd640,0xcfbfdb3c,0xcfbfdb4c)
19184 ktrace NAMI "/usr/bin/scp"
19184 scp EMUL "native"
19184 scp RET execve 0
19184 scp CALL open(0x10e5,0,0)
19184 scp NAMI "/usr/libexec/ld.so"
19184 scp RET open 3
19184 scp CALL read(0x3,0xcfbfd9a4,0x20)
19184 scp GIO fd 3 read 32 bytes
"\M-@\M^F\^A\v\0\M-P\0\0\0 \0\0\0\0\0\0\0\0\0\0 \0\0\0\0\0\0\0\0\0\0\0"
19184 scp RET read 32/0x20
19184 scp CALL mmap(0,0xf000,0x5,0x2,0x3,0,0,0)
19184 scp RET mmap 1073778688/0x40009000
19184 scp CALL mmap(0x40016000,0x2000,0x7,0x12,0x3,0,0xd000,0)
19184 scp RET mmap 1073831936/0x40016000
19184 scp CALL issetugid
19184 scp RET issetugid 0
19184 scp CALL __sysctl(0xcfbfd814,0x2,0x40017a08,0xcfbfd810,0,0)
19184 scp RET __sysctl 0
19184 scp CALL mmap(0,0x8000,0x3,0x1004,0xffffffff,0,0,0)
19184 scp RET mmap 1073840128/0x40018000
19184 scp CALL open(0x4000ab74,0,0)
19184 scp NAMI "/var/run/ld.so.hints"
19184 scp RET open 4
19184 scp CALL mmap(0,0x1000,0x1,0x4,0x4,0,0,0)
19184 scp RET mmap 1073872896/0x40020000
19184 scp CALL open(0x400209a3,0,0)
19184 scp NAMI "/usr/lib/libc.so.29.0"
19184 scp RET open 5
19184 scp CALL read(0x5,0xcfbfd89c,0x20)
19184 scp GIO fd 5 read 32 bytes
"\M-@\M^F\^A\v\0`\b\0\0\M^P\0\0\M-p\M-f\^B\0\M-tG\0\0 \0\0\0\0\0\0\0\0\
\0\0\0"
19184 scp RET read 32/0x20
19184 scp CALL mmap(0,0xbd6f0,0x5,0x4,0x5,0,0,0)
19184 scp RET mmap 1073876992/0x40021000
19184 scp CALL mprotect(0x400a7000,0x9000,0x7)
19184 scp RET mprotect 0
19184 scp CALL mmap(0x400b0000,0x2e6f0,0x3,0x1014,0xffffffff,0,0,0)
19184 scp RET mmap 1074462720/0x400b0000
19184 scp CALL close(0x5)
19184 scp RET close 0
19184 scp CALL __sysctl(0xcfbfd7c4,0x2,0x8450,0xcfbfd7c0,0,0)
19184 scp RET __sysctl 0
19184 scp CALL __sysctl(0xcfbfd7c4,0x2,0x8454,0xcfbfd7c0,0,0)
19184 scp RET __sysctl 0
19184 scp CALL __sysctl(0xcfbfd7c4,0x2,0x8458,0xcfbfd7c0,0,0)
19184 scp RET __sysctl 0
19184 scp CALL __sysctl(0xcfbfd7c4,0x2,0x845c,0xcfbfd7c0,0,0)
19184 scp RET __sysctl 0
19184 scp CALL __sysctl(0xcfbfd7c4,0x2,0x8460,0xcfbfd7c0,0,0)
19184 scp RET __sysctl 0
19184 scp CALL __sysctl(0xcfbfd7c4,0x2,0x8464,0xcfbfd7c0,0,0)
19184 scp RET __sysctl 0
19184 scp CALL __sysctl(0xcfbfd7c4,0x2,0x8468,0xcfbfd7c0,0,0)
19184 scp RET __sysctl 0
19184 scp CALL __sysctl(0xcfbfd7c4,0x2,0x846c,0xcfbfd7c0,0,0)
19184 scp RET __sysctl 0
19184 scp CALL munmap(0x40020000,0x1000)
19184 scp RET munmap 0
19184 scp CALL close(0x4)
19184 scp RET close 0
19184 scp CALL close(0x3)
19184 scp RET close 0
19184 scp CALL __sysctl(0xcfbfd94c,0x2,0x400de6e8,0xcfbfd948,0,0)
19184 scp RET __sysctl 0
19184 scp CALL readlink(0x40068606,0xcfbfd8a4,0x3f)
19184 scp NAMI "/etc/malloc.conf"
19184 scp RET readlink -1 errno 2 No such file or directory
19184 scp CALL issetugid
19184 scp RET issetugid 0
19184 scp CALL mmap(0,0x1000,0x3,0x1002,0xffffffff,0,0,0)
19184 scp RET mmap 1073872896/0x40020000
19184 scp CALL break(0x870c)
19184 scp RET break 0
19184 scp CALL break(0x870c)
19184 scp RET break 0
19184 scp CALL break(0xa000)
19184 scp RET break 0
19184 scp CALL break(0xa000)
19184 scp RET break 0
19184 scp CALL break(0xb000)
19184 scp RET break 0
19184 scp CALL mmap(0,0x1000,0x3,0x1002,0xffffffff,0,0,0)
19184 scp RET mmap 1074655232/0x400df000
19184 scp CALL mprotect(0x400df000,0x1000,0x1)
19184 scp RET mprotect 0
19184 scp CALL mprotect(0x400df000,0x1000,0x3)
19184 scp RET mprotect 0
19184 scp CALL mprotect(0x400df000,0x1000,0x1)
19184 scp RET mprotect 0
19184 scp CALL break(0xb000)
19184 scp RET break 0
19184 scp CALL break(0xc000)
19184 scp RET break 0
19184 scp CALL getuid
19184 scp RET getuid 0
19184 scp CALL break(0xc000)
19184 scp RET break 0
19184 scp CALL break(0xd000)
19184 scp RET break 0
19184 scp CALL open(0x40059577,0,0)
19184 scp NAMI "/etc/spwd.db"
19184 scp RET open 3
19184 scp CALL fcntl(0x3,0x2,0x1)
19184 scp RET fcntl 0
19184 scp CALL fstat(0x3,0xcfbfd808)
19184 scp RET fstat 0
19184 scp CALL read(0x3,0xc000,0x104)
19184 scp GIO fd 3 read 260 bytes

19184 scp RET read 260/0x104
19184 scp CALL break(0xd000)
19184 scp RET break 0
19184 scp CALL break(0xe000)
19184 scp RET break 0
19184 scp CALL break(0xe000)
19184 scp RET break 0
19184 scp CALL break(0xf000)
19184 scp RET break 0
19184 scp CALL break(0xf000)
19184 scp RET break 0
19184 scp CALL break(0x10000)
19184 scp RET break 0
19184 scp CALL pread(0x3,0xf000,0x1000,0,0x1000,0)
19184 scp GIO fd 3 read 4088 bytes
19184 scp GIO fd 3 read 8 bytes
"\0001popa3d"
19184 scp RET pread 4096/0x1000
19184 scp CALL break(0x10000)
19184 scp RET break 0
19184 scp CALL break(0x11000)
19184 scp RET break 0
19184 scp CALL pread(0x3,0x10000,0x1000,0,0x5000,0)
19184 scp GIO fd 3 read 4088 bytes


19184 scp GIO fd 3 read 8 bytes

19184 scp RET pread 4096/0x1000
19184 scp CALL break(0x11000)
19184 scp RET break 0
19184 scp CALL break(0x12000)
19184 scp RET break 0
19184 scp CALL pread(0x3,0x11000,0x1000,0,0x4000,0)
19184 scp GIO fd 3 read 4088 bytes


19184 scp GIO fd 3 read 8 bytes
"\0\0\0001sshd"
19184 scp RET pread 4096/0x1000
19184 scp CALL close(0x3)
19184 scp RET close 0
19184 scp CALL ioctl(0x2,TIOCGETA,0xcfbfd928)
19184 scp RET ioctl 0
19184 scp CALL sigaction(0xd,0xcfbfd94c,0xcfbfd940)
19184 scp RET sigaction 0
19184 scp CALL pipe(0xcfbfd8e0)
19184 scp RET pipe 0
19184 scp CALL pipe(0xcfbfd8d8)
19184 scp RET pipe 0
19184 scp CALL pipe(0xcfbfd8d0)
19184 scp RET pipe 0
19184 scp CALL close(0x3)
19184 scp RET close 0
19184 scp CALL close(0x4)
19184 scp RET close 0
19184 scp CALL fork
19184 scp RET fork 25836/0x64ec
19184 scp CALL close(0x5)
19184 scp RET close 0
19184 scp CALL close(0x8)
19184 scp RET close 0
19184 scp CALL read(0x7,0xcfbfd113,0x1)
19184 scp RET read 0
19184 scp CALL write(0x2,0x44d7,0x10)
19184 scp GIO fd 2 wrote 16 bytes
"lost connection
"
19184 scp RET write 16/0x10
19184 scp CALL munmap(0x400df000,0x1000)
19184 scp RET munmap 0
19184 scp CALL exit(0x1)
-------------------------------------------------------
 
scp works "in reverse", i.e. an ssh session is opened on the remote system.
If that does not work in your mega-chroot thingy, then scp will not work either.

Side note: a chroot with that many (potential) holes is also "useless".

HTH
 
To the point: what is "missing" in my mega-chroot thingy for scp to work? Please give me a few pointers.

By the way: can you tell me about a few (potential) security holes? Some more commands will be removed from /usr/bin/ (e.g. su, sh, ktrace, kdump, ...) once scp works.
After that I would go through the chrooted etc/ directory step by step and clean it out.

By the way 2: which alternatives do you suggest for a secure file transfer where the remote user should get/see as little information about the local system as possible?
I have also considered creating an ftp user without login rights, but my pf.conf is not playing along right now..

Regards
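The reply above is the key: scp forks an ssh client, and in the trace the parent only sees the pipe close (read returns 0, then "lost connection") because ktrace does not follow the child without -i. Added example, not from the thread: a sh audit of the jail tree that checks for files the forked ssh typically needs (an assumed checklist built from the OpenBSD paths in the listings above) and flags files the thread itself names as hazards.

```shell
#!/bin/sh
# Added example, not from the thread. Audits a chroot tree for what the
# ssh child forked by scp needs, and for files that should not be inside.
# Assumption: OpenBSD layout with the library versions shown in the thread.

# Constructed checklist of files the ssh client looks for inside the jail:
# the binary, its loader and libraries, its config, name resolution, /dev/null.
NEEDED="usr/bin/ssh usr/libexec/ld.so usr/lib/libc.so.29.0
usr/lib/libcrypto.so.9.0 usr/lib/libz.so.2.0
etc/ssh/ssh_config etc/resolv.conf etc/hosts dev/null"

# Files that leak secrets or hand out a shell/privilege; the thread itself
# names su, sh, ktrace and kdump, and spwd.db shows up in the ktrace output.
RISKY="etc/spwd.db etc/master.passwd usr/bin/su usr/bin/sh
usr/bin/ktrace usr/bin/kdump"

# audit_chroot ROOT: prints one MISSING/RISKY line per finding,
# returns 0 when nothing was found and 1 otherwise.
audit_chroot() {
  root=$1
  rc=0
  for f in $NEEDED; do
    if [ ! -e "$root/$f" ]; then
      echo "MISSING $f"
      rc=1
    fi
  done
  # Without a host-key store, a tty-less ssh child reports
  # "Host key verification failed" instead of prompting.
  if [ ! -e "$root/etc/ssh/ssh_known_hosts" ] \
     && [ ! -e "$root/root/.ssh/known_hosts" ]; then
    echo "MISSING host-key store (etc/ssh/ssh_known_hosts or root/.ssh/known_hosts)"
    rc=1
  fi
  for f in $RISKY; do
    if [ -e "$root/$f" ]; then
      echo "RISKY $f"
      rc=1
    fi
  done
  return $rc
}

# usage: sh audit.sh /home/udo
if [ -n "${1:-}" ]; then
  audit_chroot "$1"
fi
```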
 