From: Peter Korsten
To: Jaye Mathisen
Cc: hackers@FreeBSD.ORG
Subject: Re: Correct way to chroot for shell account users?
Date: Mon, 26 May 1997 23:30:13 +0200
Message-ID: <19970526233013.13944@hw.nl>
In-Reply-To: ; from Jaye Mathisen on Sun, May 25, 1997 at 02:50:55PM -0700

Jaye Mathisen shared with us:
>
> Anybody got any tips on how to write a secure shell to exec on login to
> set a user's environment to the "right thing".
>
> (I don't mean a rsh type secure shell, but rather a good secure thing
> to have in /etc/master.passwd that execs the real shell in a chroot'd
> environment.).

I don't think you can build a real shell (like sh or csh) and have it run safely inside a chroot environment. Someone (as a matter of fact, the FreeBSD security officer :) ) showed me how to break out of a chroot environment with a simple 'ln' or something like that.

Indeed, you'd better use a restricted Lynx. With a shell, you would have to disable everything that could cause a break out of the chroot cage. It's better to permit certain actions than to have to forbid them.

- Peter
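
Added example, not part of the original message and not FreeBSD's own code: a sketch in C of the kind of login wrapper the question describes, showing the order of operations (validate the jail directory, chroot, permanently drop root, then exec). The jail path, shell path and function names are assumptions, and the wrapper is assumed to be installed setuid root and named as the user's login shell.

```c
#define _DEFAULT_SOURCE 1   /* glibc: expose chroot(), setgroups(), lstat() */
#include <sys/stat.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#define JAIL          "/home/jail"   /* hypothetical jail root */
#define SHELL_IN_JAIL "/bin/sh"      /* path as seen from inside the jail */

/* A jail root is acceptable only if it is an absolute path to a real
 * directory (not a symlink), owned by `owner`, and not writable by group
 * or other; otherwise the confined user could alter the jail's contents. */
int jail_dir_ok(const char *path, uid_t owner)
{
    struct stat st;
    if (path == NULL || path[0] != '/') return 0;
    if (lstat(path, &st) != 0 || !S_ISDIR(st.st_mode)) return 0;
    if (st.st_uid != owner) return 0;
    if (st.st_mode & (S_IWGRP | S_IWOTH)) return 0;
    return 1;
}

/* Enter the jail, then give up root for good. Returns 0 on success, -1 on
 * any failure; the caller must not exec anything unless this returns 0. */
int enter_jail(const char *path, uid_t uid, gid_t gid)
{
    if (uid == 0 || !jail_dir_ok(path, 0)) return -1;   /* never jail root itself */
    if (chdir(path) != 0 || chroot(path) != 0 || chdir("/") != 0) return -1;
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0) return -1;
    if (setuid(0) == 0) return -1;   /* regaining root must be impossible */
    return 0;
}

int main(void)
{
    /* Fixed, minimal environment: nothing inherited from the login session. */
    static char *const envp[] = { "PATH=/bin:/usr/bin", "HOME=/", NULL };
    static char *const argv[] = { "-sh", NULL };

    if (enter_jail(JAIL, getuid(), getgid()) != 0) {
        fprintf(stderr, "jail setup failed\n");
        return 1;
    }
    execve(SHELL_IN_JAIL, argv, envp);
    perror("execve");
    return 1;
}
```

The privilege drop comes before the exec because chroot() does not confine a process that still holds root. What the shell can do inside the jail still depends entirely on which binaries and files are installed there.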