[NCLUG] chroot login
John L. Bass
jbass at dmsd.com
Mon Feb 3 03:06:33 MST 2003
Here's what I've come up with. Is this safe? If not, how can it be
compromised? TIA!
I'm not sure about current systems or your specific configuration, but several
interesting attacks on other systems sometimes yeilded unintended results:
1) if the chroot'd users home directory is on a mounted filesystem, and
that filesystem is not mounted for some reason, most systems will
log the user in with the home directory set to "/".
2) some older systems had strange script login behavoir if they could
be ^C'd early enough to abort the script and leave the user in their
designated home directly, which in this case would avoid the chroot.
Replacing the "shell" with a binary that does some sanity checks, then chroot
and execv on the users shell can probably avoid these problems/attacks.
John
More information about the NCLUG
mailing list