From owner-freebsd-security  Mon Aug 31 05:57:28 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id FAA15066
          for freebsd-security-outgoing; Mon, 31 Aug 1998 05:57:28 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from mail.euroweb.hu (mail.euroweb.hu [193.226.220.4])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id FAA15057
          for <freebsd-security@freebsd.org>; Mon, 31 Aug 1998 05:57:23 -0700 (PDT)
          (envelope-from hu006co@mail.euroweb.hu)
Received: (from hu006co@localhost)
	by mail.euroweb.hu (8.8.5/8.8.5) id OAA29865
	for freebsd.org!freebsd-security; Mon, 31 Aug 1998 14:56:15 +0200 (MET DST)
Received: (from zgabor@localhost)
	by CoDe.hu (8.8.8/8.8.8) id LAA00544
	for freebsd-security@freebsd.org; Mon, 31 Aug 1998 11:43:15 +0200 (CEST)
	(envelope-from zgabor)
From: Zahemszky Gabor <zgabor@zg.CoDe.hu>
Message-Id: <199808310943.LAA00544@CoDe.hu>
Subject: Re: Shell history
In-Reply-To: <3.0.3.32.19980829153814.0076e548@207.227.119.2> from "Jeffrey J. Mountin" at "Aug 29, 98 03:38:14 pm"
To: freebsd.org!freebsd-security@zg.CoDe.hu
Date: Mon, 31 Aug 1998 11:43:15 +0200 (CEST)
X-Mailer: ELM [version 2.4ME+ PL38 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> >> Sort of an automated chroot thing you can't bypass I guess.
> >
> >Build a chrooted area with /etc, /bin, /usr/bin, /usr/lib, /usr/libexec 
> >files which are necessary.
> >Change inetd to run telnetd.sh and have telnetd.sh do:
> >
> >-----
> >#!/bin/sh
> >cd /newroot
> >/usr/sbin/chroot . exec /usr/libexec/telnetd
> >-----
> >
> >Danny
> 
> This means that there would be common area for all shell users and I'd wonder if root would be restricted to console and ssh perhaps.

In some AT&T Unices (HP, if I know well), this is the job of login:
if that user has a star ``*'' as shell (the /etc/passwd line of that user
is like:
user:passwd:uid:gid:gcos:home:*
),
than login is chroot to home, and start another login, with a /etc/passwd in
that chrooted environment.  Well, with that way, that user has to type
two login/passwd sequence, but I think it's not a bad idea.

ZGabor at CoDe dot HU

-- 
#!/bin/ksh
Z='21N16I25C25E30, 40M30E33E25T15U!' ;IFS=' ABCDEFGHIJKLMNOPQRSTUVWXYZ ';set $Z ;for i { [[ $i = ? ]]&&print $i&&break;[[ $i = ??? ]]&&j=$i&&i=${i%?};typeset -i40 i=8#$i;print -n ${i#???};[[ "$j" = ??? ]]&&print -n "${j#??} "&&j=;typeset +i i;};IFS=' 0123456789 ';set $Z;X=;for i { [[ $i = , ]]&&i=2;[[ $i = ?? ]]||typeset -l i;X="$X $i";typeset +l i;};print "$X"

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message