chroot command
Paul Nash
paul at frcs.UUCP
Tue Oct 17 05:20:10 AEST 1989
In article <[341]comp.unix.i386 at point.UUCP>, wek at point.UUCP (Bill Kuykendall) writes:
> I'm running ISC 2.0.1 and trying to set up a "padded cell" for bbs callers
> who want shell privileges. The obvious solution is to use the chroot
> command or chroot() function to define a file subsystem for them.
> [ ... explanation of problems ... ]
> Does anybody have this working? Am I going about this all wrong? I've got
> $700-800 invested in reference manuals, and all I can find are the briefest
> references to the syntax of the program and c function, with no reference to
> what's necessary to build a functional environment under the new root. It's
> a bit frustrating.
In their book: `UNIX(tm) System Security', Patrick Wood & Stephen Kochan
have the complete source code for just such a system. I have installed it
under Xenix/386 2.2 (:->) in about a day - I think I had to put in one or
two patches, but can't remember quite what, and don't have the machine with
`restrict' available easily.
The book is published by HAYDEN as part of the Hayden Books Unix(tm) Library,
ISBN: 0-8104-6267-2. Hayden is: 1-800-428-SAMS. The authors work for (are?)
`Pipeline Associates Inc', and the code used in the book can be obtained
from ..ihnp4!bellcore!phw5!secure or ..harpo!bellcore!phw5!secure. If the
mail has a line starting `SEND_PROGRAMS_TO:' the programs are sent to
the uucp address that follows. Addresses must be absolute bang paths, as
smail and pathalias are nowhere to be seen.
Buy the book - it is well worth it, and gives many hints about securing your
system. The authors also deserve some royalties for their code.
---------------------------------------------------------------------
...!uunet!ddsw1!olsa99!tabbs!frcs!paul paul at frcs.UUCP
--
---------------------------------------------------------------------
...!uunet!ddsw1!olsa99!tabbs!frcs!paul paul at frcs.UUCP
More information about the Comp.unix.i386
mailing list