From owner-freebsd-security Thu Jul 18 19:56:15 2002
Message-Id: <200207190256.MAA00937@tungsten.austclear.com.au>
To: "Michael Sharp"
Cc: freebsd-security@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG
Subject: Re: chroot
In-Reply-To: Message from "Michael Sharp" of "Thu, 18 Jul 2002 22:22:59 -0400." <1085.192.168.1.4.1027045379.squirrel@webmail.probsd.ws>
Date: Fri, 19 Jul 2002 12:56:05 +1000
From: Tony Landells
Sender: owner-freebsd-security@FreeBSD.ORG

How very interesting...

For a start, you can't copy devices with "cp"--you need something smarter like "tar", "cpio", ... Pretty much anything that could be used for backups should understand the niceties of copying a device. As an alternative you could use "mknod" to create them.

Here is how to do it with cpio:

    cd /dev
    find null random urandom -print | cpio -pdmuv /home/chrootuser/dev/

and then compare the results with ls -l to make sure you're happy.

Specifically, using "cp" to copy /dev/null is a method of creating a new empty file, or completely emptying out an existing file.

Secondly, are you sure you weren't connected? If you could use control-d to terminate the connection it looks to me like you were connected but had no prompt. Control-d is an "end of file" indicator; when you give it to a shell that means "there are no more commands". Since the sole purpose of a shell is to let you execute commands, this results in it terminating (as it does for any program that primarily processes input).

However "end of file" is only meaningful if it's read by something. It doesn't generate any sort of "signal" to catch the attention of a hung program.

Try connecting again and typing a command that should work, like "/bin/ls /bin" or even something more basic like "set" (which is builtin to all the shells). If you get something, you're connected.

Tony
--
Tony Landells
Senior Network Engineer                 Ph:  +61 3 9677 9319
Australian Clearing Services Pty Ltd    Fax: +61 3 9677 9355
Level 4, Rialto North Tower
525 Collins Street
Melbourne VIC 3000
Australia
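
The "compare the results with ls -l" step from the message above, as an added example that is not part of the original message: a POSIX sh check that each node in the chroot's dev directory is a real device with the same device numbers as the original, which catches the empty regular file that "cp" leaves behind. The function names `dev_id` and `check_chroot_dev` are hypothetical, and the script assumes `ls -ln` prints the device numbers where a file size would normally appear.

```shell
#!/bin/sh
# Added example (not from the original message): verify device nodes
# copied into a chroot against the originals in /dev.
# Usage: check_chroot_dev /dev /home/chrootuser/dev null random urandom

# Print "<type> <device numbers>" for one directory entry, e.g. "c 1,3".
# In numeric "ls -l" output the device numbers sit between the group
# (field 4) and the three date fields plus the name (last 4 fields).
dev_id() {
    # $1 = directory, $2 = entry name (device names contain no spaces)
    ( cd "$1" 2>/dev/null && LC_ALL=C ls -lnd "$2" 2>/dev/null ) |
    awk '{ id = ""; for (i = 5; i <= NF - 4; i++) id = id $i
           print substr($1, 1, 1), id }'
}

# check_chroot_dev SRC_DEV DST_DEV name...
# Prints one status line per name; returns non-zero if any node is wrong.
check_chroot_dev() {
    src=$1; dst=$2; shift 2
    rc=0
    for name in "$@"; do
        want=$(dev_id "$src" "$name")
        have=$(dev_id "$dst" "$name")
        if [ -z "$have" ]; then
            echo "MISSING  $dst/$name"; rc=1
        elif [ "${have%% *}" != c ] && [ "${have%% *}" != b ]; then
            # A regular file here is what copying /dev/null with cp gives.
            echo "NOTDEV   $dst/$name (type '${have%% *}')"; rc=1
        elif [ "$have" != "$want" ]; then
            echo "MISMATCH $dst/$name (have $have, want $want)"; rc=1
        else
            echo "OK       $dst/$name ($have)"
        fi
    done
    return $rc
}
```
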