RE: How to bypass /etc/passwd's shell
From: Marcus Zoller (Marcus.Zoller_at_idnt.net)Date: 07/18/01
- Vorherige Nachricht: Boda Karoly jr.: "RE: How to bypass /etc/passwd's shell"
- Als Antwort auf: Boda Karoly jr.: "RE: How to bypass /etc/passwd's shell"
- Nächste im Thread: Jose Nazario: "RE: How to bypass /etc/passwd's shell"
- Antwort: Jose Nazario: "RE: How to bypass /etc/passwd's shell"
- Nachrichten sortiert nach: [ Datum ] [ Thread ] [ Subject ] [ Autor ] [ Attachement ]
On Wed, 18 Jul 2001, Boda Karoly jr. wrote:
> On Wed, 18 Jul 2001, Andrew Hatfield wrote:
>
> > you could also set the shell to be /bin/rbash
> > rbash is a sym link to /bin/bash
>
> But it's possible to get out from this chroot.
>
> woockie_at_twoflower:~$ cd ..
> rbash: cd: restricted
> woockie_at_twoflower:~$ vi foo
>
> in vi:
> :set shell=/bin/sh
> :shell
> woockie_at_twoflower:~$ cd ..
> woockie_at_twoflower:/home$
>
I don't know if this is what you need (I've didn't read the whole
thread)...
This is somewhat more work but it runs fine and I guess you can't get out
of it:
... you can copy a minimum rootfs to the home
directory... (don't forget to mount /proc inside,
a dummy mtab and fstab, resolv.conf, ...)
create a script, e.g. /bin/rshell with:
#!/bin/sh
/usr/sbin/chroot /home/<user chroot> /bin/bash -login
This becomes the new login shell in /etc/passwd for the
user (must be in /etc/shells allowed), e.g.
dummy:x:500:500:chroot user:/home/dummy:/bin/rshell
The passwd in /home/dummy/etc contains:
dummy:x:500:500::/:/bin/bash
Marcus
PGP Key: http://www.idnt.de/mzoller.txt
The finest in eTransactions http://www.idnt.de
- Vorherige Nachricht: Boda Karoly jr.: "RE: How to bypass /etc/passwd's shell"
- Als Antwort auf: Boda Karoly jr.: "RE: How to bypass /etc/passwd's shell"
- Nächste im Thread: Jose Nazario: "RE: How to bypass /etc/passwd's shell"
- Antwort: Jose Nazario: "RE: How to bypass /etc/passwd's shell"
- Nachrichten sortiert nach: [ Datum ] [ Thread ] [ Subject ] [ Autor ] [ Attachement ]
Relevant Pages
|
|
