From: Mikael Karpberg
Message-Id: <199706021627.SAA24678@ocean.campus.luth.se>
Subject: Re: Correct way to chroot for shell account users?
To: danny@panda.hilink.com.au (Daniel O'Callaghan)
Date: Mon, 2 Jun 1997 18:27:32 +0200 (MET DST)
Cc: hackers@FreeBSD.org
In-Reply-To: from Daniel O'Callaghan at "May 30, 97 05:09:24 pm"

According to Daniel O'Callaghan:
>
>
> On Fri, 30 May 1997, Bob Bishop wrote:
>
> > At 0:03 +0100 30/5/97, Daniel O'Callaghan wrote:
> > >On Thu, 29 May 1997, Bob Bishop wrote:
> > >
> > >> I'm sure I'm being desperately naive here, but isn't it sufficient for
> > >> safety to make chroot(2) a successful no-op unless / is really / (ie the
> > >> process isn't chrooted already)?
> > >
> > >That means that you can't run anon ftp properly in a chrooted file system,
> > >because ftpd is not allowed to chroot again.
> >
> > Why would you want to do that?
>
> Well, I have virtual machines for my virtual WWW service - http, ftpd and
> telnetd all run chroot()ed. The customer can access everywhere in their
> virtual machine, and they have an anon ftp area which they can
> administer, but which gets chrooted again if someone logs in as anonymous.

Shouldn't be too hard to only allow a chroot down into the tree and never up, right?
So you can go further down, but never up again. Is there a problem with that
(which should be rather simple) fix? That would keep even root in jail, no?
If not, how could he get out?

/Mikael
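
Added example, not part of the message above and not FreeBSD code: a user-space C model of the "down but never up" test the message proposes, deciding whether a requested new root is the current root or a directory beneath it. The names chroot_target_is_below and demo are hypothetical and the sample tree is constructed; it models only the containment test, not a kernel change.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Two stat results name the same directory when device and inode match. */
static int same_dir(const struct stat *a, const struct stat *b)
{
    return a->st_dev == b->st_dev && a->st_ino == b->st_ino;
}

/* Hypothetical helper: 1 if `target` is `root` or below it, 0 if outside, -1 on
 * error. Walks ".." from the resolved target; path strings are never compared. */
int chroot_target_is_below(const char *root, const char *target)
{
    struct stat rs, cur, up;
    int fd, next, result = -1;
    if (stat(root, &rs) != 0 || !S_ISDIR(rs.st_mode))
        return -1;
    if ((fd = open(target, O_RDONLY | O_DIRECTORY)) < 0)
        return -1;
    if (fstat(fd, &cur) != 0) { close(fd); return -1; }
    for (;;) {
        if (same_dir(&cur, &rs)) { result = 1; break; }
        if ((next = openat(fd, "..", O_RDONLY | O_DIRECTORY)) < 0) break;
        close(fd);
        fd = next;
        if (fstat(fd, &up) != 0) break;
        if (same_dir(&up, &cur)) { result = 0; break; } /* ".." is "." : top */
        cur = up;
    }
    close(fd);
    return result;
}

/* Constructed sample tree: <tmp>/site/ftp and a symlink <tmp>/site/up -> "..". */
int demo(int out[3])
{
    char tmp[] = "/tmp/chrootdemoXXXXXX";
    if (!mkdtemp(tmp) || chdir(tmp) || mkdir("site", 0700) ||
        mkdir("site/ftp", 0700) || symlink("..", "site/up"))
        return -1;
    out[0] = chroot_target_is_below("site", "site/ftp");  /* further down */
    out[1] = chroot_target_is_below("site/ftp", "site");  /* back up */
    out[2] = chroot_target_is_below("site", "site/up");   /* up via a symlink */
    unlink("site/up"); rmdir("site/ftp"); rmdir("site");
    return (chdir("/") == 0 && rmdir(tmp) == 0) ? 0 : -1;
}
```

With "site" standing in for the current root, the nested "site/ftp" target is accepted, while the parent directory and the symlink that resolves to the parent are both rejected.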