jailkit-dev
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Jailkit-dev] [bug #58213] Problem with jailhome definition

From: Cyprien Pouzenc
Subject: [Jailkit-dev] [bug #58213] Problem with jailhome definition
Date: Mon, 20 Apr 2020 11:13:06 -0400 (EDT)
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 
URL:
  <https://savannah.nongnu.org/bugs/?58213>

                 Summary: Problem with jailhome definition
                 Project: Jailkit
            Submitted by: cypouz
            Submitted on: Mon 20 Apr 2020 03:13:05 PM UTC
                Category: None
                Severity: 3 - Normal
              Item Group: None
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any

    _______________________________________________________

Details:

In `jk_jailuser` file, there is a problem with the definition of the
`jailhome` variable. I think the problem is in the bloc of the
`addusertojail()` function definition:


        if (dirinjail(pw[5], jail)):
                if (pw[5][0:len(jail)+3] == jail+'/./'):
                        jailhome = pw[5][len(jail)+2:]
                else:
                        jailhome = pw[5][len(jail):]
        else:
                jailhome = pw[5]


If my jail directory is `/home/jail` and my user to jail is `alice`, so
`(dirinjail(pw[5], jail))` is false because /home/jail is not equal to
/home/alic (without the `e` because of `len(jail)` in `dirinjail()` function).
In this case, jailhome = /home/alice. It's OK.

If my jail directory is `/home/jail` and my user to jail is `jailalice`, so
`(dirinjail(pw[5], jail))` is true because /home/jail is equal to /home/jail
(in fact /home/jailalice truncated, due to `len(jail)` in `dirinjail()`
function). In this case, jailhome = alice. Not `/home/jailalice`. It's a
problem because, in `/home/jail/etc/passwd`, the home directory of jailalice
user will be `alice`, not `/home/jailalice`.

In short, the user to jail must not begin with the same word as the jail
directory. This case is not tested in `jk_jailuser` file. Or the `jailhome`
definition must to be changed.




    _______________________________________________________

Reply to this item at:

  <https://savannah.nongnu.org/bugs/?58213>

_______________________________________________
  Message sent via Savannah
  https://savannah.nongnu.org/
reply via email to
[Prev in Thread] Current Thread [Next in Thread]