[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [suse-security] pam_chroot
Thanks Lars for the summary about pam_chroot, I was wondering whether
it's worth a try, but I conclude not at this point.
> I was pretending to use it on remote ssh users. Now I am having a look at
> jail http://www.dei.inf.uc3m.es/~assman/jail/.
Same here. I gave jail a try, but it's not a sure-fire thing. It somehow
attaches to the binary and tries to work out which libraries are needed
for it, then copies them into a new directory.
(From memory) What I didn't like was that it needed to be run as root,
there should be no reason for this. It missed that all the pam stuff was
needed for sshd. I copied that manually but it still didn't work, and I
haven't had time to get back to it yet. (tcpwrappers??)
Jail was/is worth using, even if it doesn't do a complete job, it's a
start and better than starting from 0.
If you do work out exactly what's needed for a chroot jail for sshd on
SuSE 8.2, please post a file list (or URL to one)!
Volker Kuhlmann is possibly list0570 with the domain in header
http://volker.dnsalias.net/ Please do not CC list postings to me.
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here