[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] SSH, SCP, JAIL and "You don't exist, go away!"



On Wednesday 03 September 2003 11:38 pm, Peter Wiersig wrote:
> Duncan Carter wrote:
> > I'm thinking that it requires a verification program that I don't
> > have installed in the chroot.  Am I right/wrong?
>
> Yes, you're right. Does /etc/passwd and /etc/shadow exist in the
> chroot-Environment? It sound like they don't.

I understood that he (Duncan) had these (copied?) in(to) the chrooted
environment. I think these questions/answer point to the right direction
but there is probably some piece of executable not working/found.

Depending on where your system is connected you might try to duplicate
at least the /bin directory contents in the chrooted environment. If it does
not start working add more standard stuff from the non-chrooted environment.
If it starts working this way you know that it is some executable (such as
/bin/login, /bin/bash, /sbin/mingetty etc) or config from /etc. THEN be sure
to remove stuff so that you only have the absolutely necessary remaining
AND you understand what and why it is there (under the chroot environment).

NOTE that this is really bad advice if you can not do this in a secure place,
putting too much stuff under the chroot environment probably more or less
sacrifies its purpose (the security).

guessing,

timo


--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here