[ale] Chrooting a user logged in over telnet

Michael Trausch mike at trausch.us
Mon Aug 20 22:13:13 EDT 2012


Bind-mounting /dev in a chroot is woefully insecure. You don't want the
host's block devices in the chroot unless you don't care. Create the needed
nodes by hand in order to prevent damage. If you don't trust the users in
the chroot, that is.

On Aug 20, 2012 6:22 PM, "Chris Fowler" <cfowler at outpostsentinel.com> wrote:

> On 08/17/2012 08:31 PM, Ted W wrote:
> > service telnet
> > {
> >         socket_type     = stream
> >         protocol        = tcp
> >         wait            = no
> >         disable         = no
> >         user            = root
> >         port            = 23
> >         server          = /usr/bin/chroot
> >         server_args     = /chroot /usr/sbin/in.telnetd -h
> > }
>
>
> mkdir /chroot/proc
> mkdir /chroot/sys
>
> mount --bind /proc /chroot/proc
> mount --bind /dev /chroot/dev
> mount --bind /dev/pts /chroot/dev/pts
> mount --bind /sys /chroot/sys
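
Added example, not part of the original thread: one way to "create the needed nodes by hand" instead of bind-mounting the host's /dev. The device list, the /chroot path, the devpts mount options and the function names plan_dev and audit_dev are assumptions made for this sketch; trim the list to what the jailed programs actually open.

```shell
#!/bin/sh
# Added example: build a minimal /dev for a chroot rather than exposing the
# host's /dev (and its block devices) through a bind mount.

# name:type:major:minor:mode, using the standard Linux device numbers.
# Character devices only; no disks, no /dev/mem, no /dev/kmsg.
DEV_NODES='null:c:1:3:666
zero:c:1:5:666
random:c:1:8:666
urandom:c:1:9:666
tty:c:5:0:666'

# Print the commands that populate <root>/dev. Nothing is executed here, so
# the plan can be reviewed first and then piped to a root shell.
plan_dev() {
    root=$1
    printf 'mkdir -p "%s/dev/pts"\n' "$root"
    echo "$DEV_NODES" | while IFS=: read -r name type major minor mode; do
        printf 'mknod -m %s "%s/dev/%s" %s %s %s\n' \
            "$mode" "$root" "$name" "$type" "$major" "$minor"
    done
    # A separate devpts instance gives the jail its own ptys instead of a
    # view of the host's /dev/pts (assumed options; gid 5 is commonly "tty").
    printf 'mount -t devpts -o newinstance,ptmxmode=0666,mode=620,gid=5 devpts "%s/dev/pts"\n' "$root"
    printf 'ln -s pts/ptmx "%s/dev/ptmx"\n' "$root"
}

# List block devices reachable under <root>/dev. Any output means the jail
# can address a disk directly and the /dev setup should be rebuilt.
audit_dev() {
    find "$1/dev" -type b 2>/dev/null
}

# Review:  sh thisfile /chroot
# Apply:   sh thisfile /chroot | sh     (as root)
if [ "$#" -gt 0 ]; then
    plan_dev "$1"
fi
```

Running audit_dev against a chroot whose /dev was bind-mounted from the host lists the host's disks; against a /dev built from the plan it prints nothing.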