Date: Fri, 28 Jun 2002 18:34:04 -0700
From: Pat Lashley <patl+freebsd@volant.org>
To: Poul-Henning Kamp <phk@critter.freebsd.dk>
Cc: FreeBSD Security Mailling List <freebsd-security@FreeBSD.ORG>
Subject: Re: Jailing SSHd
Message-ID: <188970000.1025314444@mccaffrey.phoenix.volant.org>

--On Saturday, June 29, 2002 12:28:35 AM +0200 Poul-Henning Kamp
<phk@critter.freebsd.dk> wrote:

> In message <2849830000.1025137373@mccaffrey.phoenix.volant.org>, Pat
> Lashley writes:
>>
>> --On Wednesday, June 26, 2002 09:07:36 PM +0200 Poul-Henning Kamp
>> <phk@critter.freebsd.dk> wrote:
>>
>>> Which reminds me that we should really tweak the code and put it in a
>>> jail instead of a chroot.
>>
>> Careful there. Some of us are using SSH to log into jails running
>> virtual hosting environments. The default installation needs to be able
>> to run if it is already within a jail when sshd is started.
>
> You could just fall back to chroot(2) if jail(2) failed.

My point is that the DEFAULT installation and configuration must Do The
Right Thing whether it is run in a jail or in the main server environment.
An acceptable solution would be a startup script which was either smart
enough to recognize when it is running in a jail, or which implements a
chroot fallback if the attempt to jail the sshd fails.

-Pat

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
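
The first option named in the message above (a startup script that recognizes when it is already running in a jail), sketched as an added example; it is not code from the thread or from FreeBSD. It assumes the security.jail.jailed sysctl found on current FreeBSD and the legacy positional jail(8) syntax; the function names and the SYSCTL/JAIL/CHROOT override variables are hypothetical.

```shell
#!/bin/sh
# Added example, not FreeBSD's own startup code.
# The three tools are overridable so the decision logic can be exercised
# on a machine that is not a FreeBSD host.
SYSCTL=${SYSCTL:-sysctl}
JAIL=${JAIL:-jail}
CHROOT=${CHROOT:-chroot}

# Print "jail" when we are on the host and may create a jail,
# "chroot" when we are already jailed or cannot tell.
confinement_mode() {
    # security.jail.jailed reads 1 inside a jail and 0 on the host.
    jailed=$($SYSCTL -n security.jail.jailed 2>/dev/null) || jailed=unknown
    case "$jailed" in
        0) echo jail ;;
        1) echo chroot ;;   # already inside a jail: use the chroot fallback
        *) echo chroot ;;   # sysctl missing or unreadable: chroot works in both
    esac
}

# Usage: run_confined ROOT HOSTNAME IP COMMAND [ARGS...]
# Runs COMMAND confined to ROOT, picking the mechanism once, up front.
# Deciding first avoids treating a failure of COMMAND itself as a failure
# of jail(8) and then starting the daemon a second time under chroot.
run_confined() {
    if [ "$#" -lt 4 ]; then
        echo "usage: run_confined root hostname ip command [args...]" >&2
        return 64
    fi
    root=$1; host=$2; ip=$3
    shift 3
    case "$(confinement_mode)" in
        jail)
            # Legacy jail(8) form: jail path hostname ip command ...
            $JAIL "$root" "$host" "$ip" "$@"
            ;;
        chroot)
            $CHROOT "$root" "$@"
            ;;
    esac
}
```

The same script then behaves correctly on the main server and inside a virtual hosting jail without any per-install configuration, which is the property the message asks of the default installation.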