Re: chroot, scp and security on RedHat 8.0
From: Fabian Bieker (fabian.bieker@web.de)
Date: 03/05/03
Date: Wed, 5 Mar 2003 09:16:24 +0100
From: Fabian Bieker <fabian.bieker@web.de>
To: focus-linux@securityfocus.com
On Fri, Feb 28, 2003 at 10:06:29PM -0500, Leland T. Snyder wrote:
> Q1> If the first line of my /etc/profile traps and ignores all events
> (including all user generated break/terminate events). Is there still
> a way to break before the first line of /etc/profile as a user??
As Seth Arnold said, race conditions sux.
I would recommend having some small program that does something like
this: execve chroot <dir> and then run a bash/busybox/sash etc. and use
this program as a login shell.
You could also add signal handlers to avoid race conditions.
<--snipp-->
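#include <stdio.h>
#include <unistd.h>

int main(void) {
    /* argv for chroot(8): chroot <newroot> <command> */
    char *name[4];
    char *env[3];

    name[0] = "/usr/sbin/chroot";
    name[1] = "/home/moesta/";
    name[2] = "/bin/sash";   /* resolved inside the new root */
    name[3] = NULL;

    /* minimal, fixed environment for the jailed shell */
    env[0] = "HOME=/home/moesta";
    env[1] = "PATH=/home/moesta/bin:/bin";
    env[2] = NULL;

    execve(name[0], name, env);

    /* execve only returns on failure */
    perror("execve");
    return 1;
}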
<--snapp-->
Sorry for my lame English,
Fabian Bieker
-- BOFH excuse #432: Borg nanites have infested the server
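
An added example, not part of the original post: a variant of the wrapper above that ignores the break/terminate signals while it is still privileged, calls chroot(2) directly, and drops root before starting the shell. It assumes the binary is installed setuid root and set as the user's login shell; `set_signals`, `enter_jail`, the `HOME=/` and `PATH=/bin` values and the `-sash` argv[0] are choices made for this example.

```c
#define _DEFAULT_SOURCE          /* for chroot() on glibc */
#include <signal.h>
#include <stdio.h>
#include <unistd.h>

#define JAIL  "/home/moesta"     /* jail directory used in the post */
#define SHELL "/bin/sash"        /* assumption: shell path as seen inside the jail */

static const int sigs[] = { SIGINT, SIGQUIT, SIGTSTP, SIGHUP, SIGTERM };

/* Apply SIG_IGN or SIG_DFL to every signal in sigs[]; 0 on success, -1 on error. */
int set_signals(void (*disp)(int))
{
    for (size_t i = 0; i < sizeof sigs / sizeof sigs[0]; i++)
        if (signal(sigs[i], disp) == SIG_ERR)
            return -1;
    return 0;
}

/* chroot into dir, then give up root for good; 0 on success, -1 on first failure. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (chroot(dir) != 0 || chdir("/") != 0)   /* chdir so cwd is inside the jail */
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)  /* group first, while still root */
        return -1;
    if (uid != 0 && setuid(0) == 0)            /* regaining root must not work */
        return -1;
    return 0;
}

int main(void)
{
    char *argv[] = { "-sash", NULL };          /* assumption: '-' marks a login shell */
    char *envp[] = { "HOME=/", "PATH=/bin", NULL };  /* assumption: jail-relative paths */

    /* Ignore keyboard/hangup signals for the whole privileged window. */
    if (set_signals(SIG_IGN) != 0 ||
        enter_jail(JAIL, getuid(), getgid()) != 0) {
        perror("jail setup");
        return 1;                              /* session ends; no fallback shell */
    }
    set_signals(SIG_DFL);                      /* jailed and unprivileged from here */
    execve(SHELL, argv, envp);
    perror("execve");
    return 1;
}
```

Ignored dispositions survive execve while installed handler functions are reset to the default, which is why the setup uses SIG_IGN rather than a handler and restores SIG_DFL only after the jail is entered and root is dropped.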