Date: Mon, 4 Nov 1996 09:48:49 +1030 (CST) From: newton@communica.com.au (Mark Newton) To: dev@trifecta.com (Dev Chanchani) Cc: marcs@znep.com, freebsd-security@freebsd.org Subject: Re: chroot() security Message-ID: <9611032318.AA13474@communica.com.au> In-Reply-To: <Pine.BSF.3.91.961103150038.3636A-100000@www.trifecta.com> from "Dev Chanchani" at Nov 3, 96 03:01:32 pm
next in thread | previous in thread | raw e-mail | index | archive | help
Dev Chanchani wrote:
> > telnetd@192.168.0.1 : \
> > .example.com : \
> > rfc931 : severity auth.info : \
> > twist = /usr/sbin/chroot /directory/to/chroot/to /usr/libexec/telnetd
>
> Trying this method, I am getting the error telnetd: all network ports in
> use.
You've probably installed tcpd with the "simple" option, which involves
replacing your daemons in /usr/libexec/ with a hard link to tcpd, which
knows where to find the "real" ones if a connection is permitted.
Hence, when you call /usr/libexec/telnetd in the example above, it ends
up running recursively. This is probably not what you want :-)
Try specifying the path to the "real" telnetd instead (the one in your hide
directory, which was configured into tcpd at compile time).
> I am sure all network ports are not in use :)
I'm willing to believe they are :-) (they'll be mostly in CLOSE_WAIT
though)
- mark
---
Mark Newton Email: newton@communica.com.au
Systems Engineer Phone: +61-8-8373-2523
Communica Systems WWW: http://www.communica.com.au
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9611032318.AA13474>