Mailinglist Archive: opensuse-security (334 mails)

Re: [suse-security] SSH, SCP, JAIL and "You don't exist, go away!"
  • From: Holger Schletz <h.schletz@xxxxxxxxx>
  • Date: Thu, 4 Sep 2003 10:55:45 +0200
  • Message-id: <200309041055.45170.h.schletz@xxxxxxxxx>
Hi,

One more thing to add: the necessary libraries needed by the chrooted
programs. Even better: recompile these binaries as static.

Regards,
Holger


On Thursday, 4 September 2003 07:02, timo wrote:
> On Wednesday 03 September 2003 11:38 pm, Peter Wiersig wrote:
> > Duncan Carter wrote:
> > > I'm thinking that it requires a verification program that I don't
> > > have installed in the chroot. Am I right/wrong?
> >
> > Yes, you're right. Do /etc/passwd and /etc/shadow exist in the
> > chroot environment? It sounds like they don't.
>
> I understood that he (Duncan) had these (copied?) in(to) the chrooted
> environment. I think these questions/answer point in the right direction
> but there is probably some piece of executable not working/found.
>
> Depending on where your system is connected you might try to duplicate
> at least the /bin directory contents in the chrooted environment. If it
> does not start working add more standard stuff from the non-chrooted
> environment. If it starts working this way you know that it is some
> executable (such as /bin/login, /bin/bash, /sbin/mingetty etc) or config
> from /etc. THEN be sure to remove stuff so that you only have the
> absolutely necessary remaining AND you understand what and why it is there
> (under the chroot environment).
>
> NOTE that this is really bad advice if you cannot do this in a secure
> place, putting too much stuff under the chroot environment probably more or
> less sacrifices its purpose (the security).
>
> guessing,
>
> timo
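
Added example, not part of the original thread: one way to find and copy the shared libraries a chrooted program needs, using `ldd`, and then to check which of them the jail still lacks. The function names, the jail path and the binary named in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Read `ldd` output on stdin and print the absolute library paths it names.
# Handles "libc.so.6 => /lib/libc.so.6 (0x...)" and "/lib/ld-linux.so.2 (0x...)".
# Skips entries with no file behind them (linux-vdso, "not found",
# "statically linked", "not a dynamic executable").
ldd_paths() {
    awk '
        $2 == "=>" && $3 ~ /^\// { print $3; next }
        $1 ~ /^\//               { print $1 }
    ' | LC_ALL=C sort -u
}

# Copy one file into the jail under the same absolute path.
# -L stores the real file even when the source is a symlink.
copy_into_jail() {
    jail=$1 src=$2
    mkdir -p "$jail$(dirname "$src")" && cp -pL "$src" "$jail$src"
}

# Read absolute paths on stdin and print those missing from the jail.
missing_in_jail() {
    jail=$1
    while read -r p; do
        [ -e "$jail$p" ] || printf '%s\n' "$p"
    done
}

# Copy each binary, and every library ldd reports for it, into the jail.
populate_jail() {
    jail=$1; shift
    for bin in "$@"; do
        copy_into_jail "$jail" "$bin" || return 1
        ldd "$bin" 2>/dev/null | ldd_paths | while read -r lib; do
            copy_into_jail "$jail" "$lib"
        done
    done
}

# ldd lists only link-time dependencies. Libraries that glibc loads at run
# time, such as the libnss_* modules used for passwd lookups, are not listed
# and have to be copied separately.
#
# Usage (assumed jail path and binary):
#   populate_jail /home/jail /usr/bin/scp
#   ldd /usr/bin/scp | ldd_paths | missing_in_jail /home/jail
```

An empty result from `missing_in_jail` means every library `ldd` reported is present in the jail.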

