[ale] Chrooting a user logged in over telnet
Michael Trausch
mike at trausch.us
Mon Aug 20 22:13:13 EDT 2012
Bind-mounting /dev in a chroot is woefully insecure. You don't want the
host's block devices in the chroot unless you don't care. Create the needed
nodes by hand in order to prevent damage. If you don't trust the users in
the chroot, that is.
On Aug 20, 2012 6:22 PM, "Chris Fowler" <cfowler at outpostsentinel.com> wrote:
> On 08/17/2012 08:31 PM, Ted W wrote:
> > service telnet
> > {
> > socket_type = stream
> > protocol = tcp
> > wait = no
> > disable = no
> > user = root
> > port = 23
> > server = /usr/bin/chroot
> > server_args = /chroot /usr/sbin/in.telnetd -h
> > }
>
>
> mkdir /chroot/proc
> mkdir /chroot/sys
>
> mount --bind /proc /chroot/proc
> mount --bind /dev /chroot/dev
> mount --bind /dev/pts /chroot/dev/pts
> mount --bind /sys /chroot/sys
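An added example, not part of the original thread: one way to create the needed nodes by hand rather than bind-mounting the host's /dev, plus a check that flags block devices in the chroot. The /chroot default comes from the thread; the node list, function names and `--apply`/`--audit` switches are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): build a minimal /dev inside a chroot
# instead of bind-mounting the host's /dev.
# Assumptions: chroot root defaults to /chroot (path used in the thread); the
# node list below is an illustrative minimum for a login session on Linux.

# name major minor mode -- standard Linux character-device numbers
dev_table() {
    cat <<'EOF'
null 1 3 666
zero 1 5 666
full 1 7 666
random 1 8 666
urandom 1 9 666
tty 5 0 666
EOF
}

# Print the commands that populate ROOT/dev; nothing is executed here.
plan_dev() {
    root=${1:-/chroot}
    echo "mkdir -p '$root/dev/pts'"
    dev_table | while read -r name major minor mode; do
        echo "mknod -m $mode '$root/dev/$name' c $major $minor"
    done
    # Private devpts instance, so the chroot and the host do not share ptys
    # (kernels 4.7+ always give a new instance and ignore "newinstance").
    echo "mount -t devpts -o newinstance,ptmxmode=0666,mode=0620 devpts '$root/dev/pts'"
    echo "ln -s pts/ptmx '$root/dev/ptmx'"
}

# List device nodes under ROOT/dev that should not be there: any block device,
# and any character device whose name is not in dev_table.
audit_dev() {
    root=${1:-/chroot}
    allowed=$(dev_table | cut -d' ' -f1)
    find "$root/dev" -xdev \( -type b -o -type c \) 2>/dev/null | while read -r node; do
        [ -b "$node" ] && { echo "block device: $node"; continue; }
        echo "$allowed" | grep -qx "$(basename "$node")" || echo "unexpected: $node"
    done
}

# Run as root with --apply to execute the plan; with no switch nothing runs.
case "${1:-}" in
    --apply) plan_dev "${2:-/chroot}" | sh -e ;;
    --audit) audit_dev "${2:-/chroot}" ;;
esac
```

Because `find` is run with `-xdev`, ptys inside the separately mounted /dev/pts are not reported, while a bind-mounted host /dev is walked in full and its block devices are listed.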