Re: mkchroot scripts



On Fri, Feb 04 at 09:28:19 (+0100), Wouter Verhelst wrote:
> Actually, that /is/ a needed file. Some programs look up the name of a
> user before doing stuff (or look up the UID of a username), and without
> that file they do very strange things

If you need /etc/passwd, for example, the better way is to
$ grep '^username:' /etc/passwd > /path/to/croot/etc/passwd

and not to copy the whole /etc/passwd. If you need a shared library
for an elf32 binary file you can use the ldd_handle.pl script. For a shell
script it's quite difficult to determine which external (not shell builtin)
commands are needed. Probably you have to call ldd_handle.pl for each
external binary file. I think one solution for such cases does not exist.
But I think it is better to put in the chroot only the needed files from
packages like fileutils, and not the whole package (why do you need
commands like ls, dir? It's a potential security hole, IMHO).

PS: I wrote an alternative to, not a replacement for, makejail and debootstrap.


-- 
Sergei "df" Kononov
GnuPG ID: 0x7D992F45
Linux - because software problems should not cost money. (by Shlomi Fish)
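
Added example, not part of the original message and not the ldd_handle.pl script it mentions: a POSIX shell sketch of the two steps described above, copying only exact-match passwd entries into the jail and reducing ldd output to the library files that would need copying. The function names minimal_passwd and ldd_paths are hypothetical, and the passwd lines and ldd output are constructed samples.

```shell
#!/bin/sh
# Added example: keep only the account entries and libraries a jail needs.
# Function names and all sample data below are constructed for illustration.

# minimal_passwd SRC DEST USER...
# Write to DEST only the SRC lines whose first field equals a requested
# user name exactly. Returns 1 if a requested user has no entry.
minimal_passwd() {
    src=$1; dest=$2; shift 2
    : > "$dest" || return 1
    for user in "$@"; do
        # Exact match on field 1: an unanchored grep for "www" would also
        # copy "www-backup" and any line mentioning www in another field.
        awk -F: -v u="$user" '$1 == u { print; found = 1 }
            END { exit !found }' "$src" >> "$dest" || {
            echo "minimal_passwd: no entry for $user" >&2
            return 1
        }
    done
}

# ldd_paths: read ldd output on stdin, print the absolute library paths.
# Handles "name => /path (0x...)" and "/path (0x...)" (the loader); skips
# lines with no file on disk, such as linux-vdso and "not found".
ldd_paths() {
    awk '$2 == "=>" && $3 ~ /^\// { print $3; next }
         $1 ~ /^\// { print $1 }' | LC_ALL=C sort -u
}

# Constructed sample input, not taken from a real system.
demo_dir=$(mktemp -d)
cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
www:x:33:33:web user:/var/www:/usr/sbin/nologin
www-backup:x:1001:1001:backup for www:/home/www-backup:/bin/sh
EOF
minimal_passwd "$demo_dir/passwd" "$demo_dir/jail_passwd" www
cat "$demo_dir/jail_passwd"

ldd_paths <<'EOF'
	linux-vdso.so.1 (0x00007ffd1c5f2000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1a2c000000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f1a2c400000)
EOF
rm -rf "$demo_dir"
```

On a real system the input to ldd_paths would come from running ldd on each binary placed in the jail, and a "not found" line in that output deserves a look before the jail is used.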
