[Full-disclosure] White Paper - Chrooting sshd
- From: Paul Sebastian Ziegler <psz@xxxxxxxxxxx>
- Date: Fri, 13 Jul 2007 22:04:20 +0200
Sometimes it may become profitable or necessary to jail the ssh daemon
within a chroot. Unluckily there aren't many papers out there that
explain the process of creating an appropriate jail and resolving all
the necessary dependencies and errors.
This paper will show you how to successfully jail sshd itself. Opposed
to many other papers out there it does not try to jail the users after
logging in but rather put the entire daemon into the jail. This approach
is interesting for anybody paranoid enough to want to protect against
remotely exploitable flaws in the used sshd.
Blog-Entry:
https://observed.de/?entnum=55
Download-Area:
https://observed.de/index.html?download
Paper:
https://observed.de/upfiles/chroot_sshd_linux.pdf
Feedback, corrections and constructive criticism are always welcome.
Many Greetings
Paul Sebastian Ziegler
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Prev by Date: [Full-disclosure] [USN-483-1] libnet-dns-perl vulnerabilities
- Next by Date: Re: [Full-disclosure] Youtube.com flagged video age verification bypass. Take 2
- Previous by thread: [Full-disclosure] [USN-483-1] libnet-dns-perl vulnerabilities
- Next by thread: [Full-disclosure] MSIE7 entrapment again (+ FF tidbit)
- Index(es):
Relevant Pages
|
