
chroot'd environment



José Luis Ledesma wrote:
> You can do a chrooted environment (see above) and start the sshd with chroot
> <path of chrooted environment> /sbin/sshd -f /etc/sshd_config
> 
> Also you can specify the shell of the users in /etc/passwd as
> /sbin/sftp-server if you only want to allow these users to do sftp.
[...]
> -rwsr-xr-x 1 root root 27920 Jun 3 13:46 passwd*
[...]
> -rws--x--x 1 root root 744500 Jun 3 13:46 slogin*
[...]
> -rws--x--x 1 root root 744500 Jun 3 13:46 ssh*
[...]

Hint: you'd better have *no* SUID/SGID files in a chroot'd environment!
If you absolutely want them to be able to change their password, you may
do it using some pipe or socket interface hardly filtering parameters.

A "real secured" chroot'd environment is a lot of work... Last time I tried
this it took me a whole month to put together users, config files, services
and tools in the most secured & restrictive fashion I was able to imagine.
And some folk still succeeded in downing my workstation-server using a kernel
bug (around 2.0.3x if I remember well)... Argl! :)

Cheers, J.C.
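
The "no SUID/SGID files in a chroot" hint can be checked mechanically. The shell functions below are an added example, not part of the original message; the function names are hypothetical and the chroot path is whatever the caller passes in.

```shell
#!/bin/sh
# Added example: audit a chroot tree for set-uid / set-gid files.
# Function names are illustrative; the chroot path is supplied by the caller.

# Print every regular file under $1 carrying the SUID (4000) or SGID (2000) bit.
# -xdev keeps find on one filesystem, so a /proc or /dev mounted inside the
# chroot is not walked.
list_suid_sgid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print
}

# Succeed (exit status 0) only when the tree holds no SUID/SGID files,
# so the check can gate a cron job or a build step.
chroot_is_clean() {
    [ -z "$(list_suid_sgid "$1")" ]
}

# Clear both bits on every file found and report each change.
# Paths containing newlines are not handled by this read loop.
strip_suid_sgid() {
    list_suid_sgid "$1" | while IFS= read -r f; do
        chmod u-s,g-s "$f" && printf 'cleared: %s\n' "$f"
    done
}

# Stand-alone use: sh audit.sh /path/to/chroot   (report only, changes nothing)
if [ "$#" -gt 0 ]; then
    if chroot_is_clean "$1"; then
        echo "no SUID/SGID files under $1"
    else
        echo "SUID/SGID files under $1:"
        list_suid_sgid "$1"
        exit 1
    fi
fi
```

Run the report first and review each hit before calling `strip_suid_sgid`, since a program such as passwd stops working for unprivileged users once the bit is cleared.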

