Date: Tue, 27 May 1997 09:16:05 -0700 (MST) From: Terry Lambert <terry@lambert.org> To: peter@grendel.IAEhv.nl (Peter Korsten) Cc: mrcpu@cdsnet.net, hackers@FreeBSD.ORG Subject: Re: Correct way to chroot for shell account users? Message-ID: <199705271616.JAA15356@phaeton.artisoft.com> In-Reply-To: <19970526233013.13944@hw.nl> from "Peter Korsten" at May 26, 97 11:30:13 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> > Anybody got any tips on how to write a secure shell to exec on login to > > set a users environment to the "right thing". > > > > (I don't mean a rsh type secure shell, but rather a good secure thing > > to have in /etc/master.passwd that execs the real shell in a chroot'd > > environment.). > > I don't think you can build a real shell (like sh or csh) and have > it run safely inside a chroot environment. Someone (as a matter of > fact, the FreeBSD security officer :) ) showed me how to break out > of a chroot environment with a simple 'ln' or something like that. Actually, this problem has to do with namei() and the use of NULL to indicate a non-chroot struct file * for the current directory for the process. I've complained about this before. Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199705271616.JAA15356>