[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: chroot

On Wed, 27 Dec 2000, Craig Sanders wrote:

> read the docs on rbash (restricted bash shell) and set their shell to
> /bin/rbash in /etc/passwd.

Been there; done that (before posting to the list).
Works as expected; but still doesn't make a blind scrap of difference as
to whether the chroot call is implemented or not.

> it's not as useful as you might think it is, and takes a lot of work
> to actually make it usable.  

You can say that again!

> imo, it's not worth the bother - if a user can't be trusted with a
> shell, then don't give them one.

I tend to agree with you here.  (Problem is, I can only >>advise<<
clients on their system configuration -- not tell them what to do.
And if I can't even get it working on my own system, how am I going to
do it on theirs?)

> sure that all file permissions are correct and that there are no suid
> root exploitable holes on your system.

Totally agreee; but it looks very much as if the only way to run a
script to call chroot is via suid.  Not nice.

Hey ho.
Martin Wheeler       -        StarTEXT - Glastonbury - BA6 9PH - England
[1] mwheeler@startext.co.uk                   http://www.startext.co.uk/

Reply to: