Date: Thu, 06 Feb 2003 11:42:12 +0100 From: Uwe Doering <gemini@geminix.org> To: freebsd-security@FreeBSD.ORG Subject: Re: Passwords in Jails Message-ID: <3E423C04.3060106@geminix.org> In-Reply-To: <5.2.0.9.0.20030205075601.061cefe0@192.168.0.12> References: <5.2.0.9.0.20030205075601.061cefe0@192.168.0.12>
next in thread | previous in thread | raw e-mail | index | archive | help
Mike Tancsa wrote: > At 08:43 AM 2/5/2003 +0100, Alex Huth wrote: > >> Where can I solve this problem or is there a possibility to manage >> passwords/public keys of a jail from the basesystem? > > Yes, just manipulate the master.passwd file directly from outside your > jail, or cp your public key to the appropriate authorized_keys2 file, as > you have access to the entire file system from the base system. You may want to make sure, though, that the Jail is not running before you do so. Writing to a Jail from the outside is a major security headache if it is inhabited by untrusted users. Imagine what happens when the user does this (or similar things) in his '/etc': ln -sf /etc/master.passwd master.passwd You'd end up changing the respective file in your base system. Stopping the Jail prevents races, so you can inspect files in a safe manner before you actually change them. Chrooting into the Jail and changing files from there might help as well: chroot /path/to/jail/root Uwe -- Uwe Doering <gemini@geminix.org> Berlin, Germany To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3E423C04.3060106>