[NCLUG] chroot login

John L. Bass jbass at dmsd.com
Mon Feb 3 03:06:33 MST 2003


	Here's what I've come up with.  Is this safe?  If not, how can it be
	compromised?  TIA!

I'm not sure about current systems or your specific configuration, but several
interesting attacks on other systems sometimes yeilded unintended results:

	1) if the chroot'd users home directory is on a mounted filesystem, and
	   that filesystem is not mounted for some reason, most systems will
	   log the user in with the home directory set to "/".

	2) some older systems had strange script login behavoir if they could
	   be ^C'd early enough to abort the script and leave the user in their
	   designated home directly, which in this case would avoid the chroot.

Replacing the "shell" with a binary that does some sanity checks, then chroot
and execv on the users shell can probably avoid these problems/attacks.

John



More information about the NCLUG mailing list