The runas program I mentioned is part of Titan Security Toolkit: http://www.trouble.org/titan/
It unfortunately has a special copyright, organizations with more than 300 employees need written permission to use it, and they don't want people adding patches which change or add behavior, only bug fixes. Anyway, it's exactly the same as 'env -i su - user -c', except that it also has a chroot option, and does not require the user to have a valid shell. The package also includes a program named noshell, which is like /sbin/nologin, except that it logs login attempts to syslog. Chrootuid is similar: ftp://ftp.porcupine.org/pub/security/index.html But has a freer copyright. The problem I have with these, and all other chroot tools, is that they run the target program inside the chroot, not outside, so it doesn't work with an empty chroot. named, ntpd, etc, start as root, chroot to an empty directory, then drop root. I can't think of a way to chroot to an empty directory, unless the chroot(2) call is done within the program. The chroot(2) system call doesn't allow for a pid to be chrooted after it is loaded. I think what I'm looking for is a new chroot system call, like chroot_pid: int chroot_pid(const char *path, int pid); In the kernel, it looks like chroot(2) is sys_chroot(), in fs/open.c. I looked at it, and I have no idea how to add pid support to it. Can any of you make something usable enough to submit to kernel.org? or think this not a wise idea? robert
pgpCPEMidJbsw.pgp
Description: PGP signature
-- http://linuxfromscratch.org/mailman/listinfo/hlfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
