Re: chroot could chdir? (was Re: about jail)

1999-09-27 Thread Julian Elischer
I read it as her talking about chroot in general. On Mon, 27 Sep 1999, Poul-Henning Kamp wrote: In message [EMAIL PROTECTED], Julian Elischer writes: You have to examine ALL fd's in case one has a directory open that is outside the chroot.. (see man fchdir(2)) We do. See source.

Re: chroot could chdir? (was Re: about jail)

1999-09-27 Thread Poul-Henning Kamp
In message [EMAIL PROTECTED], Julian Elischer writes: I read it as her talking about chroot in general. We do. See source. :-) On Mon, 27 Sep 1999, Poul-Henning Kamp wrote: In message [EMAIL PROTECTED], Julian Elischer writes: You have to examine ALL fd's in case one has a directory

Re: chroot could chdir? (was Re: about jail)

1999-09-27 Thread Carol Deihl
Hello, I was referring to the practice of chdir-ing to someplace within the chrooted area right *after* doing the chroot, before doing anything else. Otherwise, the current working directory may be pointing to a directory *outside* the chrooted area. Of course, if you set the current working

Re: chroot could chdir? (was Re: about jail)

1999-09-27 Thread Carol Deihl
Poul-Henning Kamp wrote: In message [EMAIL PROTECTED], Julian Elischer writes: I read it as her talking about chroot in general. Yep, I was. We do. See source. :-) Are you talking about the new jail() call only, or does this apply to chroot() (especially in 3.2) ? (And I am looking in

Re: about jail

1999-09-26 Thread Daniel C. Sobral
Alexander Bezroutchko wrote: And /proc/PID/status must show this value. It already does. ... vm1# cat /proc/$$/status zsh 480 479 479 440 5,2 ctty 938282449,544330 0,55195 0,55194 pause 0 0 0,0,0,2,3,4,5,20,31 vm1

Re: about jail

1999-09-26 Thread Alexander Bezroutchko
And your point is? Do the base system or another jail show qwerty too? I think we are talking about slightly different things. I know that jailed process can not change base system's hostname. But it can change its own. Sometimes it is necessary to obtain the list of processes which belongs to

chroot could chdir? (was Re: about jail)

1999-09-26 Thread Carol Deihl
Alexander Bezroutchko wrote: it is possible to escape from jail Following program escapes from jail (tested under 4.0-19990918-CURRENT): [snip program code that chroot's but doesn't then chdir inside the new area] As we all know, the chroot can be escaped because the sample program doesn't

Re: chroot could chdir? (was Re: about jail)

1999-09-26 Thread TrouBle
Ummm sorry but i think you have gotten this backwards it is more secure to chdir, then chroot, not chroot then chdir I believe what you have here is backwards As we all know, the chroot can be escaped because the sample program doesn't change the current working directory, and it's

Re: chroot could chdir? (was Re: about jail)

1999-09-26 Thread TrouBle
Umm I think you have gotten this backwards, it is more secure to chdir first then chroot I think you have this backwards. in my virtual environment i chdir working dir, then chroot... ive not been able to escape my chrooted jail setup yet. nor have i seen any code that will

Re: chroot could chdir? (was Re: about jail)

1999-09-26 Thread TrouBle
I actually currently use -SNIP - EDITED FOR SECURITY - syslog (LOG_NOTICE,"Changing directory/root to %s",path if (chdir (path) || chroot (path)) return 1; }else{ syslog (LOG_NOTICE,"No ("EDITED FOR SECURITY" )

Re: chroot could chdir? (was Re: about jail)

1999-09-26 Thread Julian Elischer
You have to examine ALL fd's in case one has a directory open that is outside the chroot.. (see man fchdir(2)) julian On Sun, 26 Sep 1999, Carol Deihl wrote: Alexander Bezroutchko wrote: it is possible to escape from jail Following program escapes from jail (tested under

Re: chroot could chdir? (was Re: about jail)

1999-09-26 Thread Poul-Henning Kamp
In message [EMAIL PROTECTED], Julian Elischer writes: You have to examine ALL fd's in case one has a directory open that is outside the chroot.. (see man fchdir(2)) We do. See source. -- Poul-Henning Kamp FreeBSD coreteam member [EMAIL PROTECTED] "Real hackers run

about jail

1999-09-25 Thread Alexander Bezroutchko
Hello, I am looking for a way to use jail feature (when it will be back ported to -STABLE) for providing virtual servers with root access (something like www.servetheweb.com). Therefore I am investigating this feature more closely. For now I have encountered following problems: * ping,

Re: about jail

1999-09-25 Thread Poul-Henning Kamp
In message [EMAIL PROTECTED], Alexander Bezroutchko writes: * ping, traceroute doesn't work due to lack of permissions to create icmp socket. I think it is simple to make workaround for such problems: create a daemon listening on a unix domain socket for request from a jail. Daemon will take

Re: about jail

1999-09-25 Thread Harold Gutch
On Sat, Sep 25, 1999 at 05:17:12PM +0400, Alexander Bezroutchko wrote: * it is possible to escape from jail Following program escapes from jail (tested under 4.0-19990918-CURRENT): /* --- start of example - */ #include <unistd.h> #include <assert.h> const char

Re: about jail

1999-09-25 Thread Jacques Vidrine
On 25 September 1999 at 15:38, Harold Gutch [EMAIL PROTECTED] wrote: I don't run -CURRENT, so I can't test this - but this is the standard chroot()-breakout, and you're saying that using it you can break out of a _jail_ as well ? Or are you simply mixing up jail() and chroot() ? bye,

Re: about jail

1999-09-25 Thread TrouBle
there is a simplistic way to create chrooted/jailed virtual servers for many clients domains... without getting into the nasty of bsd code i do it daily with one small program.. and have all services available to many virtual customers/domains on a box. that to the customer looks like 1

Re: about jail

1999-09-25 Thread Rodney W. Grimes
[CC: trimmed to -hackers, long lines wrapped, and much content deleted] there is a simplistic way to create chrooted/jailed virtual servers for many clients domains... without getting into the nasty of bsd code i do it daily with one small program.. and have all services available to

Re: about jail

1999-09-25 Thread Alexander Bezroutchko
On Sun, Sep 26, 1999 at 03:51:54PM -0500, TrouBle wrote: there is a simplistic way to create chrooted/jailed virtual servers for many clients domains... without getting into the nasty of bsd code i do it daily with one small program.. and have all services available to many virtual

Re: about jail

1999-09-25 Thread Alexander Bezroutchko
127.0.0.1 is mapped to the jail address. telnet localhost does what you'd expect it to. but bind() to 127.0.0.1 fails ;( It's called "p_prison->pr_host" and it was there from day #1. And /proc/PID/status must show this value. It already does.