[scponly] Second Jail not working...
Lupe Christoph
lupe at lupe-christoph.de
Sat Feb 24 14:01:52 EST 2007
On Friday, 2007-02-23 at 13:03:04 -0700, Paul Hyder wrote:
> Hmmm, Then the behavior would make sense if the "parents" user was
> executing an scponly binary that wasn't suid. Next step is to verify
> that the top level password file shell entry points to a binary that
> is root owned and SUID. {something like using scponly instead of
> scponlyc or two different binaries one of which isn't properly chowned}
You're probably correct. The error message is
[979]: chroot: Operation not permitted
and my chroot(2) manpage says:
EPERM The caller has insufficient privilege.
Can't be a bad path component. That would trigger:
EACCES Search permission is denied on a component of the path
prefix.
Lupe Christoph
--
| You know we're sitting on four million pounds of fuel, one nuclear |
| weapon and a thing that has 270,000 moving parts built by the lowest |
| bidder. Makes you feel good, doesn't it? |
| Rockhound in "Armageddon", 1998, about the Space Shuttle |
More information about the scponly
mailing list