On Fri, 06 Feb 2004 21:12:00 +0100, Arne Vogel <[EMAIL PROTECTED]> wrote:
>Also, it seems the linker requires these libraries to be referenced via >symlinks just as in >your ordinary /lib directory. You should be able to just do a "cp -dp >/lib/libnss* lib" (from inside >the chrroot-directory) to make all the NSS libraries available to the >chrooted environment. >Do *not* use ln, as that kind of defeats the purpose of the chroot >environment (an attacker >could open the hard-linked library for write access, and thus compromise >your global /lib >directory). Maybe one day Linux'll support copy-on-write for hard-linked >files... :-) Now it works for anonymous. But I still have the problem of being blind when logging in as normal user. It seems that I have to createt his entire environment for all users I want to be accessible via ftp. I don't really like that, but having anonymous access is sufficient for now. Or is there some way to create a universal chroot environment? BTW: Doing the libs with ln doesn't work anyway, because when you do a chroot, then the root directory is set to the one you specified. So if you have this in your normal environment /lib/libc.so /home/ftp/lib/libc.so -> /lib/libc.so it will in truth point to /home/ftp/lib/libc.so as soon as you do the chroot. Thanks for your help. -- Gerhard Gruber Maintainer of SoftICE for Linux - http://pice.sourceforge.net/ Fast application launcher - http://sourceforge.net/projects/launchmenu -- [EMAIL PROTECTED] mailing list
