Re: Passwords in Jails
From: Uwe Doering (gemini@geminix.org)
Date: 02/06/03
- Next message: Doug Barton: "Re: encryption export"
- Previous message: Dag-Erling Smorgrav: "Re: upgraded to 4.7, now can't ssh... (fwd)"
- In reply to: Mike Tancsa: "Re: Passwords in Jails"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 06 Feb 2003 11:42:12 +0100 From: Uwe Doering <gemini@geminix.org> To: freebsd-security@FreeBSD.ORG
Mike Tancsa wrote:
> At 08:43 AM 2/5/2003 +0100, Alex Huth wrote:
>
>> Where can I solve this problem or is there a possibility to manage
>> passwords/public keys of a jail from the basesystem?
>
> Yes, just manipulate the master.passwd file directly from outside your
> jail, or cp your public key to the appropriate authorized_keys2 file, as
> you have access to the entire file system from the base system.
You may want to make sure, though, that the Jail is not running before
you do so. Writing to a Jail from the outside is a major security
headache if it is inhabited by untrusted users. Imagine what happens
when the user does this (or similar things) in his '/etc':
ln -sf /etc/master.passwd master.passwd
You'd end up changing the respective file in your base system. Stopping
the Jail prevents races, so you can inspect files in a safe manner
before you actually change them. Chrooting into the Jail and changing
files from there might help as well:
chroot /path/to/jail/root
Uwe
-- Uwe Doering <gemini@geminix.org> Berlin, Germany To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
- Next message: Doug Barton: "Re: encryption export"
- Previous message: Dag-Erling Smorgrav: "Re: upgraded to 4.7, now can't ssh... (fwd)"
- In reply to: Mike Tancsa: "Re: Passwords in Jails"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
