
Re: how do I chroot for users.



(this isn't directly relevant, but I'll reply here once, then off-line)

On Mon, 19 Jan 1998, Cristian Gafton wrote:
> You will be defeated:
> 
> bash$ bash - <<EOF
> > echo "Hello, I can write in bash whatever I damn please."
> > EOF 
> Hello, I can write in bash whatever I damn please.
> bash$ _

  True, true.  You could also do:

bash$ echo "echo hello" > foo
bash$ bash foo
hello

  Which has the added benefit that you only need to write the script
file once.  For actual use, you'd probably want to chroot these users
into somewhere where they didn't have access to an interpreter.
(i.e. sh, perl, tcl...)

  This may be useful for ISPs with a menu-driven interface like a
Freenet, or where the shell in the chroot'd environment was
modified to not execute files.

  What does this get you over just using a restricted shell?  Not
much, admittedly, but it *will* stop people from exploiting the
Pentium F00F bug or similar ones, by building an executable image
using "echo".

  i.e. The only real thing it does is stop people from executing
arbitrary machine instructions on your computer, and makes other
attacks more expensive.  This may or may not be useful to you.

  Alan DeKok.
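
One way to check the point above about keeping interpreters out of the chroot, as an added example that is not part of the original post: a POSIX shell function that lists executable interpreters under a jail directory. The name list and the `is_interpreter`, `audit_chroot` and `demo_jail` helpers are assumptions made for illustration, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example. The interpreter name list is an assumption; extend it for
# whatever your system ships.
INTERPRETERS='sh ash bash dash ksh zsh csh tcsh perl tclsh wish awk gawk python ruby busybox'

# is_interpreter NAME: succeed if NAME, minus a trailing version suffix
# such as "3" or "5.36", appears in INTERPRETERS.
is_interpreter() {
    base=$(printf '%s\n' "$1" | sed 's/[0-9][0-9.]*$//')
    for i in $INTERPRETERS; do
        [ "$base" = "$i" ] && return 0
    done
    return 1
}

# audit_chroot DIR: print every file under DIR that has an execute bit set
# and an interpreter's name, one path per line, sorted. -L follows symlinks
# so a link such as bin/sh -> bash is reported as well.
audit_chroot() {
    find -L "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) 2>/dev/null |
    sort | while IFS= read -r f; do
        if is_interpreter "$(basename "$f")"; then
            printf '%s\n' "$f"
        fi
    done
}

# demo_jail: build a constructed sample tree and print its path.
demo_jail() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/bin" "$d/usr/bin"
    : > "$d/bin/menu";          chmod 755 "$d/bin/menu"          # menu program: fine
    : > "$d/bin/bash";          chmod 755 "$d/bin/bash"          # interpreter
    ln -s bash "$d/bin/sh"                                       # link to interpreter
    : > "$d/usr/bin/perl5.36";  chmod 755 "$d/usr/bin/perl5.36"  # versioned name
    : > "$d/usr/bin/tclsh";     chmod 644 "$d/usr/bin/tclsh"     # no execute bit
    printf '%s\n' "$d"
}
```

An empty result only means no executable file carries a known interpreter name; a renamed interpreter is not caught by a name check.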


