[scponly] why won't 'find' work in the chroot ?
Kaleb Pederson
kibab at icehouse.net
Sat Sep 23 14:36:02 EDT 2006
On Friday 22 September 2006 11:52 am, Ensel Sharon wrote:
> On Thu, 21 Sep 2006, Kaleb Pederson wrote:
> > On Thursday 21 September 2006 12:17 pm, Ensel Sharon wrote:
> > > I hacked the find command into scponly.c ...
> >
> > And I'm sure you disallowed -exec and anything else that might be
> > dangerous!
>
> Well, I'm considering it, but -exec would only offer execution of the
> binaries that are already a) allowed by scponly, and b) present in the
> chroot...
>
> Or am I wrong and it would allow execution of any binary that the user
> puts into the chroot, but would still be limited in scope of action to the
> chroot ?
Correct, with the exception that if there ends up being a kernel exploit,
etc., it's possible that they could break out of the chroot :(
> > > So when I run:
> > >
> > > ssh user at host find /user
> >
> > What does /user have to do with /home above? Are you assuming they are
> > already chrooted to their home directory? Why would /user exist below
> > their home directory then?
>
> Well ... again, /home is their home directory, in terms of the passwd
> files, but they cant touch that dir - only traverse through
> it. So when they do things remotely over ssh, they cannot use plain "/",
> they have to specify their "incoming" dir, hence:
>
> ssh user at host find /user
>
> (which would run find on /home/user)
What do you get for output when you run `ssh user at host ls -al /user`?
How about `ssh user at host ls -al /`?
--Kaleb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : https://lists.ccs.neu.edu/pipermail/scponly/attachments/20060923/c339e5c8/attachment.bin
More information about the scponly
mailing list