Date:      Thu, 06 Feb 2003 11:42:12 +0100
From:      Uwe Doering <gemini@geminix.org>
To:        freebsd-security@FreeBSD.ORG
Subject:   Re: Passwords in Jails
Message-ID:  <3E423C04.3060106@geminix.org>
In-Reply-To: <5.2.0.9.0.20030205075601.061cefe0@192.168.0.12>
References:  <5.2.0.9.0.20030205075601.061cefe0@192.168.0.12>

Mike Tancsa wrote:
> At 08:43 AM 2/5/2003 +0100, Alex Huth wrote:
> 
>> Where can I solve this problem or is there a possibility to manage
>> passwords/public keys of a jail from the base system?
> 
> Yes, just manipulate the master.passwd file directly from outside your 
> jail, or cp your public key to the appropriate authorized_keys2 file, as 
> you have access to the entire file system from the base system.

You may want to make sure, though, that the Jail is not running before 
you do so. Writing to a Jail from the outside is a major security 
headache if it is inhabited by untrusted users. Imagine what happens 
when the user does this (or similar things) in his '/etc':

     ln -sf /etc/master.passwd master.passwd

You'd end up changing the respective file in your base system. Stopping 
the Jail prevents races, so you can inspect files in a safe manner 
before you actually change them. Chrooting into the Jail and changing 
files from there might help as well:

     chroot /path/to/jail/root

   Uwe
-- 
Uwe Doering <gemini@geminix.org>
Berlin, Germany
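
The inspection step the message describes, as an added example that is not part of the original e-mail: a POSIX sh function (the name `jail_path_is_safe` is hypothetical) that refuses a target inside the jail tree if any path component below the jail root is a symlink. It assumes the jail is stopped, as the message advises, because a check followed by a write is otherwise racy.

```shell
#!/bin/sh
# Added example, not from the original message. Names are hypothetical.
# Assumes the jail is stopped, so nothing can swap files between check and write.
#
# usage: jail_path_is_safe /path/to/jail/root etc/master.passwd && <edit the file>
#
# Returns 0 only if ROOT/RELPATH is a regular file reached without traversing
# any symlink below ROOT; otherwise prints the reason to stderr and returns 1.
jail_path_is_safe() {
    root=${1%/}
    rel=${2#/}
    cur=$root
    # The jail root itself must be a real directory, not a link.
    if [ -L "$cur" ] || [ ! -d "$cur" ]; then
        echo "unsafe: jail root $cur is not a real directory" >&2
        return 1
    fi
    # Split RELPATH on '/' without glob expansion, then walk it component
    # by component so a symlinked directory (not just a symlinked file) is caught.
    old_ifs=$IFS
    IFS=/
    set -f
    set -- $rel
    set +f
    IFS=$old_ifs
    for comp in "$@"; do
        case $comp in
            ''|.) continue ;;
            ..) echo "unsafe: '..' in path $rel" >&2; return 1 ;;
        esac
        cur=$cur/$comp
        if [ -L "$cur" ]; then
            echo "unsafe: $cur is a symlink" >&2
            return 1
        fi
    done
    if [ ! -f "$cur" ]; then
        echo "unsafe: $cur is not a regular file" >&2
        return 1
    fi
    return 0
}
```

With the `ln -sf` trick from the message in place, the function rejects `etc/master.passwd` in the jail instead of letting the write land on the base system's file.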

