From owner-freebsd-hackers Tue May 27 14:44:35 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id OAA05365 for hackers-outgoing; Tue, 27 May 1997 14:44:35 -0700 (PDT) Received: from news.IAEhv.nl (root@news.IAEhv.nl [194.151.64.4]) by hub.freebsd.org (8.8.5/8.8.5) with SMTP id OAA05360 for ; Tue, 27 May 1997 14:44:32 -0700 (PDT) Received: from LOCAL (uucp@localhost) by news.IAEhv.nl (8.6.13/1.63) with IAEhv.nl; pid 8603 on Tue, 27 May 1997 21:43:22 GMT; id VAA08603 efrom: peter@grendel.IAEhv.nl; eto: UNKNOWN Received: (from peter@localhost) by grendel.IAEhv.nl (8.8.5/8.8.5) id XAA00628; Tue, 27 May 1997 23:38:13 +0200 (CEST) Message-ID: <19970527233812.31278@hw.nl> Date: Tue, 27 May 1997 23:38:12 +0200 From: Peter Korsten To: Terry Lambert Cc: hackers@FreeBSD.ORG Subject: Re: Correct way to chroot for shell account users? References: <19970526233013.13944@hw.nl> <199705271616.JAA15356@phaeton.artisoft.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.67e In-Reply-To: <199705271616.JAA15356@phaeton.artisoft.com>; from Terry Lambert on Tue, May 27, 1997 at 09:16:05AM -0700 Sender: owner-hackers@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Terry Lambert shared with us: > > > > I don't think you can build a real shell (like sh or csh) and have > > it run safely inside a chroot environment. Someone (as a matter of > > fact, the FreeBSD security officer :) ) showed me how to break out > > of a chroot environment with a simple 'ln' or something like that. > > Actually, this problem has to do with namei() and the use of NULL > to indicate a non-chroot struct file * for the current directory > for the process. No, it really was with some simple /bin commands. No structures or null pointers were mentoined. > I've complained about this before. No kidding. :) - Peter