Re: chroot, scp and security on RedHat 8.0

From: Fabian Bieker (fabian.bieker@web.de)
Date: 03/05/03

    Date: Wed, 5 Mar 2003 09:16:24 +0100
    From: Fabian Bieker <fabian.bieker@web.de>
    To: focus-linux@securityfocus.com
    
    
    

    On Fri, Feb 28, 2003 at 10:06:29PM -0500, Leland T. Snyder wrote:
    > Q1> If the first line of my /etc/profile traps and ignores all events
    > (including all user generated break/terminate events). Is there still
    > a way to break before the first line of /etc/profile as a user??

    As Seth Arnold said, race conditions sux.

    I would recommend having some small program that does something like
    this: execve chroot <dir> and then run a bash/busybox/sash etc. and use
    this program as a login shell.
    You could also add signal handlers to avoid race conditions.

    <--snipp-->
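    #include <stdio.h>
    #include <unistd.h>

    int main(void) {
        /* argv for chroot(8): chroot <newroot> <command> */
        char *name[4];
        char *env[3];

        name[0] = "/usr/sbin/chroot";
        name[1] = "/home/moesta/";
        name[2] = "/bin/sash";
        name[3] = NULL;

        /* minimal environment handed to the jailed shell */
        env[0] = "HOME=/home/moesta";
        env[1] = "PATH=/home/moesta/bin:/bin";
        env[2] = NULL;

        execve(name[0], name, env);

        /* execve() only returns if it failed */
        perror("execve");
        return 1;
    }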
    <--snapp-->

    sorry for my lame English,

            Fabian Bieker

    -- 
    BOFH excuse #432:
    Borg nanites have infested the server
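
The signal-handling suggestion from the message above, worked out as an added example (not code from the original post): a login-shell wrapper that ignores user-generated signals before it does anything else, calls chroot(2) directly, and drops root before starting the shell. Assumptions: the wrapper is installed setuid-root, the jail is the post's /home/moesta with /bin/sash inside it, and the HOME and PATH values are hypothetical.

```c
#define _DEFAULT_SOURCE 1   /* exposes chroot() in <unistd.h> on glibc */
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Signals a user can raise from the terminal or by hanging up. */
static const int user_signals[] = { SIGINT, SIGQUIT, SIGTSTP, SIGHUP, SIGTERM };

/* Set them to SIG_IGN. An ignored disposition is inherited across execve(),
 * whereas a handler function would be reset to the default action there. */
int ignore_user_signals(void) {
    struct sigaction sa;
    sa.sa_handler = SIG_IGN;
    sa.sa_flags = 0;
    sigemptyset(&sa.sa_mask);
    for (size_t i = 0; i < sizeof user_signals / sizeof user_signals[0]; i++)
        if (sigaction(user_signals[i], &sa, NULL) != 0)
            return -1;
    return 0;
}

/* 1 if signo is currently ignored, 0 if not, -1 on error. */
int signal_is_ignored(int signo) {
    struct sigaction cur;
    if (sigaction(signo, NULL, &cur) != 0) return -1;
    return cur.sa_handler == SIG_IGN;
}

/* Enter the jail, then give up root for good. Negative return = failed step. */
int enter_jail(const char *dir, uid_t uid, gid_t gid) {
    if (chdir(dir) != 0)  return -1;
    if (chroot(".") != 0) return -2;  /* needs root (setuid-root wrapper) */
    if (chdir("/") != 0)  return -3;  /* leave no cwd outside the new root */
    if (setgid(gid) != 0) return -4;  /* group first, while still root */
    if (setuid(uid) != 0) return -5;
    return 0;
}

int main(void) {
    char *argv[] = { "sash", NULL };
    char *envp[] = { "HOME=/", "PATH=/bin", NULL };  /* assumed jail layout */
    if (ignore_user_signals() != 0) { perror("sigaction"); return 1; }
    int step = enter_jail("/home/moesta", getuid(), getgid());
    if (step != 0) { fprintf(stderr, "jail setup failed at step %d\n", -step); return 1; }
    execve("/bin/sash", argv, envp);  /* path is inside the jail now */
    perror("execve");                 /* only reached if execve failed */
    return 1;
}
```

The jailed shell starts with these signals still ignored; a shell that needs job control has to set its own dispositions once it is running.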
    
    


