From owner-freebsd-isp  Tue Oct 13 17:09:30 1998
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id RAA27441
          for freebsd-isp-outgoing; Tue, 13 Oct 1998 17:09:30 -0700 (PDT)
          (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from gatekeeper.tsc.tdk.com (gatekeeper.tsc.tdk.com [207.113.159.21])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id RAA27402
          for <freebsd-isp@FreeBSD.ORG>; Tue, 13 Oct 1998 17:09:16 -0700 (PDT)
          (envelope-from gdonl@tsc.tdk.com)
Received: from sunrise.gv.tsc.tdk.com (root@sunrise.gv.tsc.tdk.com [192.168.241.191])
	by gatekeeper.tsc.tdk.com (8.8.8/8.8.8) with ESMTP id RAA05485;
	Tue, 13 Oct 1998 17:08:58 -0700 (PDT)
	(envelope-from gdonl@tsc.tdk.com)
Received: from salsa.gv.tsc.tdk.com (salsa.gv.tsc.tdk.com [192.168.241.194])
	by sunrise.gv.tsc.tdk.com (8.8.5/8.8.5) with ESMTP id RAA19490;
	Tue, 13 Oct 1998 17:08:56 -0700 (PDT)
Received: (from gdonl@localhost)
	by salsa.gv.tsc.tdk.com (8.8.5/8.8.5) id RAA17034;
	Tue, 13 Oct 1998 17:08:55 -0700 (PDT)
From: Don Lewis <Don.Lewis@tsc.tdk.com>
Message-Id: <199810140008.RAA17034@salsa.gv.tsc.tdk.com>
Date: Tue, 13 Oct 1998 17:08:55 -0700
In-Reply-To: David Wolfskill <dhw@whistle.com>
       "Re: CHROOT'd environments" (Oct 13,  9:18am)
X-Mailer: Mail User's Shell (7.2.6 alpha(3) 7/19/95)
To: David Wolfskill <dhw@whistle.com>, freebsd-isp@FreeBSD.ORG,
        rezidew@kemicol.rezidew.net
Subject: Re: CHROOT'd environments
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Oct 13,  9:18am, David Wolfskill wrote:
} Subject: Re: CHROOT'd environments
} >Date: Mon, 12 Oct 1998 23:18:03 -0500 (CDT)
} >From: Graphic Rezidew <rezidew@kemicol.rezidew.net>
} 
} >The problem that I am running into is that it appears that only root can run
} >chroot. If there is a shell that allows chroot'd logins please let me know
} 
} The chroot() system call may only be invokoed by a process with
} effective uid of 0 (root).  Thus, any such shell would either need to be
} invoked by root or would need to be setuid root.
} 
} The former would not seem to be a useful exercise.
} 
} The latter, though tricky, may be doable; you would need to write your
} own program which would set up the chroot'ed environment, perform the
} chroot, and then relinquish root privileges irrevocably.  It would
} probably also exec a more common shell just before giving the user
} control.  You would need to be certain that the program will handle
} various conditions, some of which may well be pathological, in a known
} and acceptable manner.

You've just described <ftp://ftp.win.tue.nl/pub/security/chrootuid1.2.shar.Z>,
which probably deserves to be a port.  This utility is pretty handy for
starting up daemons in their own chrooted jail, but it's not very
convenient to use chrootuid for user logins.  The painful part is that
chrootuid needs to be invoked as root and needs the desired uid and
chroot directory as arguments.  This means that you'd need to write a
wrapper for it in order to use it as the login shell in /etc/passwd,
and set the uid to 0 in /etc/passwd.

Wu-ftpd can be configured to automagically chroot certain users by
adding a "/./" in the middle of the path to their home directory to
specify the chroot directory.  I'd prefer a tweak to /usr/bin/login to
do the same thing.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message