
From: Ricardo Cerqueira <rmcc@novis.pt>

A patch to cause sshd to chroot when it encounters the magic token
'/./' in a user's home directory. The directory portion before the
token is the directory to chroot() to; the portion after the
token is the user's home directory relative to the new root.

To apply, execute the following command from the OpenSSH source directory:

patch -p0 < contrib/chroot.diff


--- session.c	Thu Mar 22 01:58:27 2001
+++ session.c.chroot	Thu Apr  5 12:33:23 2001
@@ -93,6 +93,8 @@
 # include <uinfo.h>
 #endif
 
+#define CHROOT
+
 /* types */
 
 #define TTYSZ 64
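Review bot: The unconditional `#define CHROOT` makes every `#ifdef CHROOT` guard added by this patch always true, so any account whose home directory contains `/./` is chrooted as soon as the patch is applied, with no build-time or runtime switch. Drop the define and enable the feature from the build flags (`-DCHROOT`), or at least wrap it in `#ifndef CHROOT`, so an administrator opts in deliberately. A comment next to the define, such as `/* chroot() sessions whose pw_dir contains "/./" */`, would document the behaviour.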
@@ -1012,6 +1014,11 @@
 	extern char **environ;
 	struct stat st;
 	char *argv[10];
+#ifdef CHROOT
+    char *user_dir;
+    char *new_root;
+#endif /* CHROOT */
+
 	int do_xauth = s->auth_proto != NULL && s->auth_data != NULL;
 #ifdef WITH_IRIX_PROJECT
 	prid_t projid;
@@ -1095,6 +1102,27 @@
 				exit(1);
 			}
 			endgrent();
+
+#ifdef CHROOT
+       user_dir = xstrdup(pw->pw_dir);
+       new_root = user_dir + 1;
+
+       while((new_root = strchr(new_root, '.')) != NULL) {
+               new_root--;
+               if(strncmp(new_root, "/./", 3) == 0) {
+                       *new_root = '\0';
+                       new_root += 2;
+
+                       if(chroot(user_dir) != 0)
+                               fatal("Couldn't chroot to user directory %s", user_dir);
+
+                       pw->pw_dir = new_root;
+                       break;
+               }
+               new_root += 2;
+       }
+#endif /* CHROOT */
+
 #  ifdef WITH_IRIX_JOBS
 			jid = jlimit_startjob(pw->pw_name, pw->pw_uid, "interactive");
 			if (jid == -1) {
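Review bot: After `chroot(user_dir)` succeeds the working directory is left unchanged, so the process keeps a cwd outside the new root until some later code (not visible in this hunk) changes it. If that later chdir fails, the session would run with the outside cwd. Change directory immediately and treat failure as fatal: `if (chroot(user_dir) != 0 || chdir("/") != 0)`, ideally adding `strerror(errno)` to the `fatal()` message. Separately, `new_root = user_dir + 1` points past the terminator when `pw->pw_dir` is an empty string, so the first `strchr` reads beyond the `xstrdup` allocation; guard the loop with `if (*user_dir != '\0')`. The enclosing function starts and ends outside the hunk, so whether this runs before privileges are dropped and whether the target directory is root-owned cannot be confirmed here; a comment stating both assumptions would help.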

