Re: [suse-security] MLDonkey in compartment => no name-resolution for BitTorrent

From: Sandy Drobic (suse-securityjapantest.homelinux.com)
Date: Sat Aug 06 2005 - 18:43:44 CDT


David Huecking wrote:
> On Samstag 06 August 2005 22:17, Sandy Drobic wrote:
>
>>David Huecking wrote:
>>
>>Care to tell why you think this is appropriate in suse-security?
>
> To my mind securing a network-application especially with a tool created by a
> guy who works/ worked for SuSE should be ok in suse-security.

Cute... though it seems that you don't want to secure a program, you want
to get it running. (^-^)

>>>I start mlnet with a start-script which executes:
>>>/usr/sbin/compartment
>>
>>--chroot $CHROOT_PATH
>>
>>I suggest you think about this option (^-^)
>
> Ok, I know that the process is in a chroot-jail.
> But what would I have to put in the chroot-environment also? - I started mlnet
> outside a chroot and did a
> lsof -P -T -p <mlnet-PID>
> and saw that some files from /lib were accessed (even though ldd showed a
> static binary...). I copied them into the chroot,
> added /etc/resolv.conf, /etc/hosts, /etc/nsswitch.conf and a tmp-directory. -
> Didn't work.
> When I did a
> lsof -P -T -p <mlnet-PID>
> on the chrooted mlnet I didn't see access to files of /lib (not the one in the
> chroot, nor any other).
> Hey, please don't make me look too stupid and have a suggestion for me! (-:

I can not help you with mlnet directly but I suggest you do a "strace
mlnet" to see what it might try to access.

Sandy

--
List replies only please!
Please address PMs to: news-reply () japantest (.) homelinux (.) com
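
Added example (not part of the original post): a small shell filter for the strace approach suggested above, listing the paths a traced process looked for and did not find (ENOENT), which are the candidates for files missing from the chroot. The function names and the sample trace are constructed for illustration and were not captured from mlnet.

```shell
#!/bin/sh
# Typical capture (standard strace options), then filter the trace file:
#   strace -f -e trace=open,openat,stat,access -o mlnet.trace <command>
#   missing_paths < mlnet.trace

# Read strace output on stdin and print each path that a file-related
# syscall failed to find (ENOENT), once, in order of first appearance.
missing_paths() {
    # 1. keep open/openat/stat/access calls (optional PID prefix from -f -o)
    # 2. keep only those that failed with ENOENT
    # 3. extract the first quoted argument, which is the path
    # 4. drop duplicates without re-sorting
    grep -E '^([0-9]+ +)?(open|openat|stat|access)\(' |
    grep -F '= -1 ENOENT' |
    sed -E 's/^[^"]*"([^"]*)".*$/\1/' |
    awk '!seen[$0]++'
}

# Constructed sample trace: the paths are illustrative assumptions,
# not real output from mlnet.
sample_trace() {
    cat <<'EOF'
open("/etc/resolv.conf", O_RDONLY) = 3
open("/etc/nsswitch.conf", O_RDONLY) = 3
open("/lib/libnss_dns.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/libresolv.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/libnss_dns.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/etc/hosts", {st_mode=S_IFREG|0644, st_size=120, ...}) = 0
connect(3, {sa_family=AF_INET, ...}, 16) = -1 ECONNREFUSED (Connection refused)
EOF
}

sample_trace | missing_paths
```

When the traced process is already inside the chroot, the reported paths are relative to the chroot root, so each one maps to $CHROOT_PATH plus that path on the host.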
