Date:      Mon, 4 Nov 1996 09:48:49 +1030 (CST)
From:      newton@communica.com.au (Mark Newton)
To:        dev@trifecta.com (Dev Chanchani)
Cc:        marcs@znep.com, freebsd-security@freebsd.org
Subject:   Re: chroot() security
Message-ID:  <9611032318.AA13474@communica.com.au>
In-Reply-To: <Pine.BSF.3.91.961103150038.3636A-100000@www.trifecta.com> from "Dev Chanchani" at Nov 3, 96 03:01:32 pm

Dev Chanchani wrote:

 > > telnetd@192.168.0.1 : \
 > > 	.example.com : \
 > > 	rfc931 : severity auth.info : \
 > > 	twist = /usr/sbin/chroot /directory/to/chroot/to /usr/libexec/telnetd
 > 
 > Trying this method, I am getting the error telnetd: all network ports in 
 > use.

You've probably installed tcpd with the "simple" option, which involves 
replacing your daemons in /usr/libexec/ with a hard link to tcpd, which
knows where to find the "real" ones if a connection is permitted.

Hence, when you call /usr/libexec/telnetd in the example above, it ends
up running recursively.  This is probably not what you want :-)

Try specifying the path to the "real" telnetd instead (the one in your hide
directory, which was configured into tcpd at compile time).

 > I am sure all network ports are not in use :)

I'm willing to believe they are :-)  (they'll be mostly in CLOSE_WAIT
though)

    - mark

---
Mark Newton                               Email: newton@communica.com.au
Systems Engineer                          Phone: +61-8-8373-2523
Communica Systems                         WWW:   http://www.communica.com.au



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9611032318.AA13474>
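
The recursion described in the message above can be checked for before a rule goes live. This is an added example, not part of the original message or of the tcp_wrappers distribution: it flags twist/spawn commands whose paths are hard links to tcpd. The function names and the sample layout built by make_sample are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: report twist/spawn commands in a hosts.allow-style file that
# name a hard link to tcpd ("simple" install) and would re-enter the wrapper.

# same_file A B: true when both paths exist and refer to the same inode.
same_file() {
    [ -e "$1" ] && [ -e "$2" ] && [ "$1" -ef "$2" ]
}

# find_tcpd_loops RULES TCPD   (hypothetical helper name)
# Prints one line per offending path; returns 1 if any were found, else 0.
find_tcpd_loops() {
    rules=$1; tcpd=$2; n=0; hits=0
    set -f                      # no globbing while splitting commands
    # Plain "read" (no -r) joins backslash-continued lines into one rule.
    while read line; do
        case $line in ''|'#'*) continue ;; esac
        n=$((n + 1))
        case $line in
            *twist*) cmd=${line##*twist} ;;
            *spawn*) cmd=${line##*spawn} ;;
            *) continue ;;
        esac
        for word in $cmd; do
            case $word in /*) ;; *) continue ;; esac   # absolute paths only
            if same_file "$word" "$tcpd"; then
                echo "rule $n: $word is a hard link to $tcpd"
                hits=$((hits + 1))
            fi
        done
    done < "$rules"
    set +f
    [ "$hits" -eq 0 ]
}

# make_sample DIR: constructed layout imitating the "simple" tcpd install,
# with one rule naming the wrapped link and one naming the real daemon.
make_sample() {
    mkdir -p "$1/libexec" "$1/real"
    : > "$1/tcpd"; : > "$1/real/telnetd"
    ln -f "$1/tcpd" "$1/libexec/telnetd"    # wrapped daemon = link to tcpd
    printf '%s\n' 'telnetd : .example.com : \' \
        "    twist = /usr/sbin/chroot $1/jail $1/libexec/telnetd" > "$1/bad.allow"
    printf '%s\n' 'telnetd : .example.com : \' \
        "    twist = /usr/sbin/chroot $1/jail $1/real/telnetd" > "$1/good.allow"
}
```

The check takes each path exactly as written in the rule; on a real system, pass the installed tcpd binary as the second argument.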