Date: Mon, 2 Jun 1997 18:27:32 +0200 (MET DST) From: Mikael Karpberg <karpen@ocean.campus.luth.se> To: danny@panda.hilink.com.au (Daniel O'Callaghan) Cc: hackers@FreeBSD.org Subject: Re: Correct way to chroot for shell account users? Message-ID: <199706021627.SAA24678@ocean.campus.luth.se> In-Reply-To: <Pine.BSF.3.91.970530170721.14689r-100000@panda.hilink.com.au> from Daniel O'Callaghan at "May 30, 97 05:09:24 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
According to Daniel O'Callaghan: > > > On Fri, 30 May 1997, Bob Bishop wrote: > > > At 0:03 +0100 30/5/97, Daniel O'Callaghan wrote: > > >On Thu, 29 May 1997, Bob Bishop wrote: > > > > > >> I'm sure I'm being desperately naive here, but isn't it sufficient for > > >> safety to make chroot(2) a successful no-op unless / is really / (ie the > > >> process isn't chrooted already)? > > > > > >That means that you can't run anon ftp properly in a chrooted file system, > > >because ftpd is not allowed to chroot again. > > > > Why would you want to do that? > > Well, I have virtual machines for my virtual WWW service - http, ftpd and > telnetd all run chroot()ed. The customer can access everywhere in their > virtual machine, and they have an anon ftp area which they can > administer, but which gets chrooted again if someone logs in as anonymous. Shouldn't be to hard to only allow a chroot down into the tree and never up, right? So you can go further down, but never up again. Is there a problem with that (which should be rather simple) fix? That would keep even root in jail, no? If not, how could he get out? /Mikael
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199706021627.SAA24678>