-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 07 Jun 2004 22:55:51 +0300, Eran Tromer <[EMAIL PROTECTED]> wrote: > > The rule is to always drop root priviliges as soon as possible. Here, > you should do the setuid() and setgid() calls already inside scp_login, > right after the chroot() call. Moreover, the su-scp.abs file isn't > really needed -- you can just continue the work inside scp_login. And > there's no need to manually specify the uid and gid.
I ashamed to admit, that I was not aware that `chroot' was available as a system call. The whole complication of 2 programs was done for executing the `chroot' command. After you opened my eyes, I rewrote it (single program, root sticky which is never exposed, calling bash in restricted mode). Ehud. - -- Ehud Karni Tel: +972-3-7966-561 /"\ Mivtach - Simon Fax: +972-3-7966-667 \ / ASCII Ribbon Campaign Insurance agencies (USA) voice mail and X Against HTML Mail http://www.mvs.co.il FAX: 1-815-5509341 / \ GnuPG: 98EA398D <http://www.keyserver.net/> Better Safe Than Sorry -----BEGIN PGP SIGNATURE----- Comment: use http://www.keyserver.net/ to get my key (and others) iD8DBQFAxM2aLFvTvpjqOY0RAuuFAJ0RTIQcQvYJ4zaB87f5IdK8SIcKSwCeOp3G OT8G71lCLRIxmtFqtpKUUg8= =30+Q -----END PGP SIGNATURE----- ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
