Received: by minnie.vk1xwt.ampr.org with NNTP id AA5710 ; Fri, 01 Jan 93 01:53:23 EST
Xref: sserve comp.unix.bsd:9456 comp.unix.questions:29769
Newsgroups: comp.unix.bsd,comp.unix.questions
Path: sserve!manuel.anu.edu.au!munnari.oz.au!spool.mu.edu!yale.edu!jvnc.net!darwin.sura.net!convex!rdavis
From: rdavis@convex.com (Ray Davis)
Subject: Re: WEIRD IDEA? (chroot)
Message-ID: <rdavis.725658330@connie.de.convex.com>
Sender: usenet@convex.com (news access account)
Nntp-Posting-Host: connie.de.convex.com
Organization: CONVEX Computer Corporation, Richardson, Tx., USA
References: <1992Dec26.191816.26596@prime.mdata.fi>
Date: Tue, 29 Dec 1992 19:45:30 GMT
X-Disclaimer: This message was written by a user at CONVEX Computer Corp.
              The opinions expressed are those of the user and not
              necessarily those of CONVEX.
Lines: 53

karttu@mits.mdata.fi (Antti Karttunen) writes about using chroot(2) for
guest login security:

You're in the right direction.  I've done this before and it works fine.

In my case, it was a bad idea to replace /bin/foo with a symlink to
/usr/customers/bin/foo, so I either made copies of the files or I used a
local nfs mount.  For each filesystem (/usr for example) I created a
/usr/secure directory which had the /usr hierarchy in it and hard links
to the files I needed.  If the directory to be chrooted to was
/usr/customers, then I would mount each secure filesystem under that
like:

	mount localhost:/usr/secure /usr/customers/usr

This of course will be more overhead than your symlink solution, but
might be useful for things like the mail spool directory.

>chroot function for these special users, in the patched login I'm
>about to hack.

You may not need to hack login if you don't want.  Just make these users
have a shell which is a setuid root program that does the chroot and
execs `/bin/login username' again (this will actually be the /bin/login
in the customers hierarchy).

>About devices in /dev, man chroot gives the following warning:
>
> BUGS
>      One should exercise extreme caution when referencing device
>      files in the new root file system.

This is because two separate device files pointing to the same device
may cause permission problems.

>3) If this chrooting is not so wonderful idea after all, does there
>exist SysV-esque rsh for BSD4.3 anywhere? (I mean the Restricted Shell,
>not Remote Shell). If you answer only to this last question, then
>please do it with mail, and I will then summarize.

An rsh will be much simpler, of course, but perhaps not as secure since
you have to worry not only about chdir and file access in the shell but
in every application you let them use.  We have a s5r2 sh and a ksh
under ConvexOS (a 4.* derivative) which can be used as a restricted rsh.
Of course this conflicts with the BSD rsh networking command if you name
them rsh, but you can name them r*anything*sh (like rksh for example).

Have fun!

Ray
___
Ray Davis  Convex Computer GmbH, Frankfurt, Germany
rdavis@masschaos.de.convex.com, CompuServe: 72657,2154, +49-69-666-8081
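
The setuid-root login shell suggested in the post could look like the sketch below. It is an added example, not code from the original post or from CONVEX. The /usr/customers path comes from the post; the function names, the ownership and mode check on the jail root, and the fixed environment are assumptions added here.

```c
/* Added example: setuid-root login shell that chroots, then re-runs login. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1          /* exposes chroot() under strict -std= modes */
#endif
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define JAIL "/usr/customers"      /* directory named in the post */

/* Assumed check (not in the post): 0 if path is a real directory owned by
   `owner` and not writable by group or other, else -1. A jail root a guest
   can write to lets the guest replace the jail's /etc/passwd or /bin/login. */
int jail_dir_ok(const char *path, uid_t owner)
{
    struct stat st;
    /* lstat, not stat: a symlink as the jail root is rejected */
    if (lstat(path, &st) != 0 || !S_ISDIR(st.st_mode)) return -1;
    if (st.st_uid != owner) return -1;
    if (st.st_mode & (S_IWGRP | S_IWOTH)) return -1;
    return 0;
}

/* chdir into the jail, chroot("."), then chdir("/") so that no working
   directory outside the new root survives the call. */
int enter_jail(const char *path)
{
    if (jail_dir_ok(path, 0) != 0) { errno = EPERM; return -1; }
    if (chdir(path) != 0) return -1;
    if (chroot(".") != 0) return -1;
    return chdir("/");
}

int main(void)
{
    /* The name comes from the real uid, never from argv or $USER. */
    struct passwd *pw = getpwuid(getuid());
    if (pw == NULL) { fprintf(stderr, "unknown uid\n"); return 1; }
    if (enter_jail(JAIL) != 0) { perror(JAIL); return 1; }
    /* Effective uid is still 0: the jail's own /bin/login authenticates. */
    char *const argv[] = { "login", pw->pw_name, NULL };
    char *const envp[] = { "PATH=/bin:/usr/bin", NULL };
    execve("/bin/login", argv, envp);
    perror("/bin/login");
    return 1;
}
```

The wrapper is set as the guest accounts' shell in the host's passwd file only; in the passwd file inside the jail the same accounts need an ordinary shell, otherwise the inner login would start the wrapper again.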