Re: Jailing SSHd
From: Pat Lashley (patl+freebsd@volant.org)
Date: 06/29/02
Date: Fri, 28 Jun 2002 18:34:04 -0700
From: Pat Lashley <patl+freebsd@volant.org>
To: Poul-Henning Kamp <phk@critter.freebsd.dk>

--On Saturday, June 29, 2002 12:28:35 AM +0200 Poul-Henning Kamp
<phk@critter.freebsd.dk> wrote:
> In message <2849830000.1025137373@mccaffrey.phoenix.volant.org>, Pat
> Lashley writes:
>>
>> --On Wednesday, June 26, 2002 09:07:36 PM +0200 Poul-Henning Kamp
>> <phk@critter.freebsd.dk> wrote:
>>
>>> Which reminds me that we should really tweak the code and put it in a
>>> jail instead of a chroot.
>>
>> Careful there. Some of us are using SSH to log into jails running
>> virtual hosting environments. The default installation needs to be able
>> to run if it is already within a jail when sshd is started.
>
> You could just fall back to chroot(2) if jail(2) failed.
My point is that the DEFAULT installation and configuration must Do
The Right Thing whether it is run in a jail or in the main server
environment. An acceptable solution would be a startup script which
was either smart enough to recognize when it is running in a jail,
or which implements a chroot fallback if the attempt to jail the sshd
fails.
-Pat
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
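
Added example, not part of the original message or of FreeBSD's own startup scripts: a sketch of a start-up helper that combines the two options discussed in the thread, detecting an enclosing jail first and falling back to chroot when jailing fails. It assumes the `security.jail.jailed` sysctl of current FreeBSD releases; `JAILED_PROBE`, `first_choice` and `confine_and_run` are hypothetical names, and the two launcher commands are supplied by the caller.

```shell
#!/bin/sh
# Added illustration; names below are hypothetical, not from the thread.
# Assumption: `sysctl -n security.jail.jailed` prints 1 inside a jail and
# 0 on the host (current FreeBSD). Override JAILED_PROBE on other systems.
: "${JAILED_PROBE:=sysctl -n security.jail.jailed}"

# Print which confinement to attempt first.
# Host (probe prints 0)            -> jail
# Already jailed, or probe missing -> chroot (conservative: creating a
#                                     nested jail is normally refused)
first_choice() {
    state=$($JAILED_PROBE 2>/dev/null) || state=unknown
    case "$state" in
        0) echo jail ;;
        *) echo chroot ;;
    esac
}

# confine_and_run JAIL_CMD CHROOT_CMD
# JAIL_CMD and CHROOT_CMD are the caller's launchers, e.g. a jail(8) and a
# chroot(8) invocation that start the daemon. Prints the confinement that
# succeeded. If both fail, prints "none" and returns non-zero so that the
# caller never starts the daemon unconfined.
confine_and_run() {
    jail_cmd=$1
    chroot_cmd=$2
    if [ "$(first_choice)" = jail ]; then
        # On the host: prefer the stronger confinement.
        if $jail_cmd; then
            echo jail
            return 0
        fi
        # jail attempt failed: fall through to chroot.
    fi
    if $chroot_cmd; then
        echo chroot
        return 0
    fi
    echo none
    return 1
}
```

The non-zero return when both launchers fail is what keeps the default configuration from silently degrading to an unconfined daemon.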