Mailinglist Archive: opensuse-security (334 mails)

< Previous Next >
Re: [suse-security] pam_chroot
  • From: Volker Kuhlmann <hidden@xxxxxxxxxxxxxxx>
  • Date: Mon, 29 Sep 2003 00:07:28 +1200
  • Message-id: <20030928120728.GB5954@xxxxxxxxxxxxxxx>
Thanks Lars for the summary about pam_chroot, I was wondering whether
it's worth a try, but I conclude not at this point.

> I was pretending to use it on remote ssh users. Now I am having a look at
> jail http://www.dei.inf.uc3m.es/~assman/jail/.

Same here. I gave jail a try, but it's not a sure-fire thing. It somehow
attaches to the binary and tries to work out which libraries are needed
for it, then copies them into a new directory.

(From memory) What I didn't like was that it needed to be run as root,
there should be no reason for this. It missed that all the pam stuff was
needed for sshd. I copied that manually but it still didn't work, and I
haven't had time to get back to it yet. (tcpwrappers??)

Jail was/is worth using, even if it doesn't do a complete job, it's a
start and better than starting from 0.

If you do work out exactly what's needed for a chroot jail for sshd on
SuSE 8.2, please post a file list (or URL to one)!

Thanks,

Volker

--
Volker Kuhlmann is possibly list0570 with the domain in header
http://volker.dnsalias.net/ Please do not CC list postings to me.

< Previous Next >