From owner-freebsd-hackers Mon Jun 2 10:57:58 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id KAA01996 for hackers-outgoing; Mon, 2 Jun 1997 10:57:58 -0700 (PDT)
Received: from alpo.whistle.com (alpo.whistle.com [207.76.204.38]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id KAA01991 for ; Mon, 2 Jun 1997 10:57:55 -0700 (PDT)
Received: (from daemon@localhost) by alpo.whistle.com (8.8.5/8.8.5) id KAA28793; Mon, 2 Jun 1997 10:54:16 -0700 (PDT)
Received: from current1.whistle.com(207.76.205.22) via SMTP by alpo.whistle.com, id smtpd028788; Mon Jun 2 17:54:15 1997
Message-ID: <33930897.2781E494@whistle.com>
Date: Mon, 02 Jun 1997 10:53:27 -0700
From: Julian Elischer
Organization: Whistle Communications
X-Mailer: Mozilla 3.0Gold (X11; I; FreeBSD 2.2-CURRENT i386)
MIME-Version: 1.0
To: Mikael Karpberg
CC: "Daniel O'Callaghan" , hackers@FreeBSD.ORG
Subject: Re: Correct way to chroot for shell account users?
References: <199706021627.SAA24678@ocean.campus.luth.se>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Mikael Karpberg wrote:
>
> According to Daniel O'Callaghan:
> >
> >
> > On Fri, 30 May 1997, Bob Bishop wrote:
> >
> > > At 0:03 +0100 30/5/97, Daniel O'Callaghan wrote:
> > > >On Thu, 29 May 1997, Bob Bishop wrote:
> > > >
> > > >> I'm sure I'm being desperately naive here, but isn't it sufficient for
> > > >> safety to make chroot(2) a successful no-op unless / is really / (ie the
> > > >> process isn't chrooted already)?
> > > >
> > > >That means that you can't run anon ftp properly in a chrooted file system,
> > > >because ftpd is not allowed to chroot again.
> > >
> > > Why would you want to do that?
> >
> > Well, I have virtual machines for my virtual WWW service - http, ftpd and
> > telnetd all run chroot()ed. The customer can access everywhere in their
> > virtual machine, and they have an anon ftp area which they can
> > administer, but which gets chrooted again if someone logs in as anonymous.
>
> Shouldn't be too hard to only allow a chroot down into the tree and
> never up, right? So you can go further down, but never up again.
> Is there a problem with that (which should be rather simple) fix?
> That would keep even root in jail, no? If not, how could he get out?
>
> /Mikael

define down/up...

whether or not you do a chroot after you have escaped
is irrelevant. you can still access files..