From owner-freebsd-hackers Mon May 26 02:30:29 1997
From: Dmitry Mishin
Message-Id: <199705260926.NAA24621@himera.wplus.net>
Subject: Re: Correct way to chroot for shell account users?
To: mrcpu@cdsnet.net (Jaye Mathisen)
Date: Mon, 26 May 1997 13:26:18 +0400 (MSD)
Cc: hackers@FreeBSD.ORG
In-Reply-To: from Jaye Mathisen at "May 25, 97 02:50:55 pm"
Organization: WEBPlus Ltd.

>
>
> Anybody got any tips on how to write a secure shell to exec on login to
> set a user's environment to the "right thing".
>
> (I don't mean a rsh type secure shell, but rather a good secure thing
> to have in /etc/master.passwd that execs the real shell in a chroot'd
> environment.).
>
> Any code appreciated as well. Thanks.
> > > > All setup as in wu-ftpd + files in /chroot/./var/ Hope it can help you, -- D.Mishin *** /usr/src/usr.bin/login/login.c Mon Aug 28 15:15:54 1995 --- login.c Mon May 26 13:02:30 1997 *************** *** 130,135 **** --- 130,137 ---- #ifdef SKEY int permit_passwd = 0; #endif + char *pp; + int is_chrooted = 0; (void)signal(SIGALRM, timedout); (void)alarm(timeout); *************** *** 401,408 **** --- 403,457 ---- initgroups(username, pwd->pw_gid); + if (p = strstr(pwd->pw_dir, "/./")) + { + chmod(ttyn, 0622); + pp = strdup(pwd->pw_dir); + pp[p - pwd->pw_dir] = 0; + if (chroot(pp)) { + syslog(LOG_INFO, "CHROOT error %s: %m", pwd->pw_name); + exit(1); + } + is_chrooted = 1; + + if (!(pwd = getpwnam(username))) + { + syslog(LOG_INFO, "CHROOT user %s isn't defined", username); + exit(1); + } + + + /* Nothing else left to fail -- really log in. */ + memset((void *)&utmp, 0, sizeof(utmp)); + (void)time(&utmp.ut_time); + (void)strncpy(utmp.ut_name, username, sizeof(utmp.ut_name)); + if (hostname) + (void)strncpy(utmp.ut_host, hostname, sizeof(utmp.ut_host)); + (void)strncpy(utmp.ut_line, tty, sizeof(utmp.ut_line)); + login(&utmp); + + dolastlog(quietlog); + + /* + * Set device protections, depending on what terminal the + * user is logged in. This feature is used on Suns to give + * console users better privacy. + */ + login_fbtab(tty, pwd->pw_uid, pwd->pw_gid); + + (void)chown(ttyn, pwd->pw_uid, + (gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid); + + + (void)setgid(pwd->pw_gid); + + initgroups(username, pwd->pw_gid); + + } + if (*pwd->pw_shell == '\0') pwd->pw_shell = _PATH_BSHELL; + /* Destroy environment unless user has requested its preservation. */ if (!pflag)
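Review bot: `is_chrooted`, declared in the first hunk (login.c around line 130), is set to 1 after chroot() in the second hunk but is never read anywhere in the patch as posted; either drop it or use it where later code needs to know that the root has changed. `pp` would read better with a descriptive name such as `chroot_dir`, and a one-line comment next to these declarations should document the "/./" home-directory convention that the mail says is borrowed from wu-ftpd.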
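Review bot: In the second hunk (login.c around line 403), `chroot(pp)` is not followed by `chdir("/")`, so within this hunk the process keeps a working directory that lies outside the new root; add a checked `chdir("/")` directly after the chroot() test and exit on failure. The `strdup(pwd->pw_dir)` result is indexed without a NULL check. Because `getpwnam(username)` is repeated after the chroot, the uid, gid and shell now come from the password database inside the jail, so that database has to be root-owned and not writable by the jailed user; this deserves a comment at the call. `(void)setgid(pwd->pw_gid)` and `initgroups(username, pwd->pw_gid)` discard their results, so a failure would let the login continue with the caller's group set; treat either failure as fatal. `chmod(ttyn, 0622)` is also unchecked, and the later `chown(ttyn, ...)` runs after the chroot, so if `ttyn` is an absolute path it is resolved inside the new root and needs the device node to exist there. The chroot failure is logged at LOG_INFO; a higher priority would be easier to alert on.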