sean finney on Fri, 3 Oct 2003 01:55:14 -0400
hi guys,

On Mon, Sep 29, 2003 at 08:47:20PM -0400, Will Dyson wrote:
> > so i tried doing a bind mount for all of /dev:
> >
> > mount --bind /dev /chroot/dev
>
> That really should work. What kernel version are you using?

Red Hat Linux release 9 (Shrike)
Linux $host 2.4.20-19.9 #1 Tue Jul 15 17:18:13 EDT 2003 i686 i686 i386 GNU/Linux
expect-5.38.0-88

having poked at it only a little more, i'm thinking it might have to do
with pam and/or permissions in the chroot, but i'm still looking into this.

On Thu, Oct 02, 2003 at 03:07:12PM -0400, gabriel rosenkoetter wrote:
> On Mon, Sep 29, 2003 at 02:04:23PM -0400, sean finney wrote:
> > so i tried doing a bind mount for all of /dev:
> >
> > mount --bind /dev /chroot/dev
>
> Now, maybe I'm confused here, but doesn't this completely undermine
> the security of chroot(2)?

yes, completely. just trying to get it to work first, making sure i
wasn't forgetting something from /dev. you can also bind mount files,
apparently, though that's less useful in this particular case.

On Thu, Oct 02, 2003 at 10:23:28PM -0400, Will Dyson wrote:
> > Now, maybe I'm confused here, but doesn't this completely undermine
> > the security of chroot(2)?
>
> Well, the point of that was to try and get something working with his
> pty problem. I wonder if he ever got anywhere with that?

nope :)

On Thu, Oct 02, 2003 at 03:01:35PM -0400, gabriel rosenkoetter wrote:
> Does Linux lack a rsh (as in restricted shell, not as in remote
> shell)?
>
> I sure thought bash had an rsh component, and it might do what
> you're after without a lot of setup pain.

rbash/bash -r is one way, though i don't know enough to compare or contrast
it against other restricted shells. as a last resort, i can fall back
to trying something like this, but the system has been set up as it is
before my time, i'm just supposed to add in this feature, and i have
something that ought to work, if only i could get expect to work in a
chroot :)

sean
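An added example, not part of the original thread: a small audit that walks a chroot's /dev and reports device nodes that defeat the jail, which is the concern raised about `mount --bind /dev /chroot/dev`. The allowlist of nodes a pty-using program needs is an assumption based on standard Linux device numbers, and the names `classify` and `audit_dev` are hypothetical.

```python
import os
import stat

# Assumed allowlist: character devices (major, minor) that a pty-using
# program such as expect typically needs inside a Linux chroot.
ALLOWED = {
    (1, 3),  # /dev/null
    (1, 5),  # /dev/zero
    (1, 8),  # /dev/random
    (1, 9),  # /dev/urandom
    (5, 0),  # /dev/tty
    (5, 2),  # /dev/ptmx
}
PTS_MAJORS = range(136, 144)          # Unix98 pty slaves under /dev/pts
MEMORY_DEVS = {(1, 1), (1, 2), (1, 4)}  # /dev/mem, /dev/kmem, /dev/port


def classify(mode, rdev):
    """Return 'ok', 'not-device', or a reason string for one inode."""
    if stat.S_ISBLK(mode):
        return "block device: raw disk access from inside the jail"
    if not stat.S_ISCHR(mode):
        return "not-device"
    dev = (os.major(rdev), os.minor(rdev))
    if dev in ALLOWED or dev[0] in PTS_MAJORS:
        return "ok"
    if dev in MEMORY_DEVS:
        return "memory device: kernel/physical memory access"
    return f"unexpected char device {dev[0]}:{dev[1]}"


def audit_dev(dev_dir):
    """Walk dev_dir without following symlinks; return [(path, reason)]."""
    findings = []
    for root, _dirs, files in os.walk(dev_dir):
        for name in files:
            path = os.path.join(root, name)
            st = os.lstat(path)
            verdict = classify(st.st_mode, st.st_rdev)
            if verdict not in ("ok", "not-device"):
                findings.append((path, verdict))
    return findings


if __name__ == "__main__":
    # Path taken from the thread; adjust to the jail being checked.
    for path, reason in audit_dev("/chroot/dev"):
        print(f"{path}: {reason}")
```

Run against a jail whose /dev is a bind mount of the host's, this lists every disk and memory node the jailed processes can reach.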