Subject: Re: [suse-security] ssh with chroot ?
From: Roman Drahtmueller (drahtuni-freiburg.de)
Date: Fri Mar 03 2000 - 13:03:33 CST


> You have to set up a complete root filesystem with
> all the needed directories and files (/sbin /etc ...)
> in the chrooted directory.
>
> Hope, that someone can give a minimum list of that.
>
> Bernhard Mackert

You need all libraries including the linker (/lib/ld-linux.so.2) and the
ld.so.cache in /etc that are needed/linked into the binaries you want to
use. The libs can be seen using `ldd binary-file'.

Additionally, some libraries need files such as /etc/passwd, /etc/group
and others as well as the terminfo database under /usr/share/terminfo or
the timezone description file. Use strace to find out what's missing if
the process won't complain loud enough. It's a nice piece of work, but
it's possible.
On the other hand, you could install a whole system into a directory
(under SuSE, newer versions of yast support this). You could use this
directory to host a chroot()ed process.

Be aware that running a process under root privileges renders the whole
prison porous since a breakout is trivial once you can use
chroot(2) within an already chroot()ed environment.

Roman.

-- 
 _                                                                   _
| Roman Drahtmüller               "Freedom means that you can choose  |
  CC University of Freiburg        what you want to learn at a given  
| email: drahtuni-freiburg.de     time."            A. Becker, 1999  |
 -                                                                   -
People often find it easier to be a result of the past than a cause of
the future.

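The library-gathering step described in the message above, as an added example that is not part of the original post. The function names `ldd_paths` and `copy_into_jail` and the sample `ldd` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn `ldd` output into a list of files for a chroot jail.
# Run ldd only on binaries you trust: it may execute code from the file.

# Constructed sample of `ldd` output, including an unresolved library.
SAMPLE_LDD='    linux-gate.so.1 (0xffffe000)
    libcrypt.so.1 => /lib/libcrypt.so.1 (0x40022000)
    libc.so.6 => /lib/libc.so.6 (0x4004f000)
    libfoo.so.0 => not found
    /lib/ld-linux.so.2 (0x40000000)'

# Read `ldd` output on stdin, print each absolute library path once.
#  - "name => /path (addr)"  : resolved shared library
#  - "/path (addr)"          : the dynamic linker itself
#  - "name (addr)"           : kernel-provided object, no file to copy
#  - "name => not found"     : reported on stderr so the gap is visible
ldd_paths() {
    awk '
        /=> not found/           { print "MISSING " $1 > "/dev/stderr"; next }
        $2 == "=>" && $3 ~ /^\// { print $3; next }
        $1 ~ /^\//               { print $1 }
    ' | LC_ALL=C sort -u
}

# Read absolute paths on stdin and copy each one to the same path under
# the jail directory. Symlinks are followed (-L) so the jail gets real
# files. Stops with status 1 on the first file that cannot be copied.
copy_into_jail() {
    jail=$1
    while IFS= read -r f; do
        mkdir -p "$jail$(dirname "$f")" && cp -L "$f" "$jail$f" || return 1
    done
}

# Typical use (the binary and jail paths are placeholders):
#   ldd /path/to/binary | ldd_paths | copy_into_jail /path/to/jail
#   echo /etc/ld.so.cache | copy_into_jail /path/to/jail
```

Files that libraries open at run time (/etc/passwd, terminfo, the timezone file) do not appear in `ldd` output and still have to be found with strace, as the message says.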