Matthew Nuzum wrote: > My 2 cents: > I think many of us agree that it would be interesting to provide this > type of service. (service being jailed/chrooted shell accounts) There > are some possibilities for this in existence now, including (I believe) > freevsd which is often mistaken for a completely different product, > freeBSD.
Funny you should bring that up. A month ago I was ready to open a "jailed/chrooted shell account service using FreeBSD, because of the "jail". I didn't because everyone on the various FreeBSD lists, including those who recommended freeVsd, said I'd be crazy, that I'd spend the rest of my life chasing hackers and crackers. > You would not have to re-write Linux to provide this service, but you > would have to write some type of daemon process that behaves just like > in.telnetd, but is confined to a chrooted area. > > I'm not sure exactly how freevsd does this, but I do know it's probably > not feasible, as it requires a complete 'filesystem within a filesystem' > so that users can have the executables that they desire. Even the freeBSD "jail" command requires this. The only way around it is the way Proftpd does it; by writing the commands (ls, etc.) directly into the command. -- Jeff Lasman <[EMAIL PROTECTED]> Linux and Cobalt/Sun/RaQ Consulting nobaloney.net P. O. Box 52672, Riverside, CA 92517 voice: (909) 778-9980 * fax: (702) 548-9484 _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
