Bret, On Thu, Dec 11, 2008 at 08:05:13AM -0700, Bret Palsson wrote: > I'm trying to chroot shell access (not sftp) using the ForceComand > internal-sftp OpenSSH_5.1p1 it hangs on: debug2: shell request accepted > on channel 0 [...] > APPS="/bin/bash /bin/cp /usr/bin/dircolors /bin/ls /bin/mkdir /bin/mv / > bin/rm /bin/rmdir /bin/sh /bin/su /usr/bin/groups /usr/bin/id /usr/bin/ > nc /usr/bin/rsync /usr/bin/ssh /usr/bin/scp"
I see that you have /bin/su in your list of programs in the jail... If you're attempting to use the jail as a security measure (rather than just a sandbox), and you're letting people become root via su, you may as well not bother with a chroot jail. It is a trivial matter for root to break out of a chroot jail. http://penguinsecurity.net/wiki/index.php?title=How_to_break_out_of_a_chroot()_jail -- Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0x81CFE75D
pgp6RvEpP2sX6.pgp
Description: PGP signature
