Mailinglist Archive: opensuse-security (636 mails)

< Previous Next >
Re: [suse-security] root jail
  • From: "Kurt Seifried" <listuser@xxxxxxxxxxxx>
  • Date: Wed, 14 Feb 2001 04:49:23 -0700
  • Message-id: <01e501c0967c$2c9a6180$3200030a@xxxxxxxxxxxx>
>
>Hello list,
>
>Does someone know's a good solution to make a root jail for telnet and SSH
under (of course) Linux? I have to give some users shell acces, but only in
there home directory. By this time I >have a script (sudo + chroot) that run's
when a user logon, but the problem is that a user can interupt this because I
have to start the bash shell first. Is there a other way?

For one thing I wouldn't be using chroot as a security measure. As root you can
trivially break out of it, as a user it's harder but not impossible. There was a
PAM module in the works to do chroot, but it doesn't work and no-one ever fixed
it (asked a few vendors, Vince@Mandrake tried a bit but gave up after a wghile.

>Thanks,
>
>Maarten Oedekerk

-Kurt


< Previous Next >
References