wek@point.UUCP (Bill Kuykendall) (10/15/89)
I'm running ISC 2.0.1 and trying to set up a "padded cell" for bbs callers who want shell privileges. The obvious solution is to use the chroot command or chroot() function to define a file subsystem for them.

I've duplicated the /etc, /shlib, /bin, /lib, /usr/lib, and /usr/bin directories under the new root. I've written a small program that does a setuid(0), chroot(path), then execlp's login.

Here's the problem:

If I edit the /etc/passwd file to exec either the chroot program or my program, it aborts with a 'no shell' error message.

If I have a dummy directory with a .profile that exec's chroot /u2 /bin/login, I'm asked for login and password, and informed that there is no utmp entry, and that login must be exec'd from the lowest level shell.

If I have a dummy directory with a .profile that exec's my program, I'm asked for a login only and bounced with 'login incorrect' without being asked for a password.

Does anybody have this working? Am I going about this all wrong? I've got $700-800 invested in reference manuals, and all I can find are the briefest references to the syntax of the program and C function, with no reference to what's necessary to build a functional environment under the new root. It's a bit frustrating.

All suggestions welcome. Thanks in advance.

---------------
Bill Kuykendall
Chicago, IL USA
...!point!wek
wek@point.UUCP
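
An added example, not code from this thread or from the book mentioned in the reply: one safe ordering of the calls for a wrapper like the one described in the post above (check the new root, chroot, reset the working directory, then drop root before exec). It assumes the wrapper is started as root, takes a numeric uid and gid, and execs /bin/sh directly rather than login; the names jail_root_ok and enter_jail are hypothetical.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* 1 if root_dir is a real directory, owned by root, not writable by group/other. */
int jail_root_ok(const char *root_dir)
{
    struct stat st;
    if (lstat(root_dir, &st) != 0 || !S_ISDIR(st.st_mode))
        return 0;
    return st.st_uid == 0 && !(st.st_mode & (S_IWGRP | S_IWOTH));
}

/* Confine the process to root_dir, then give up root for good. 0 on success. */
int enter_jail(const char *root_dir, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)                  /* never keep root inside the jail */
        return -1;
    if (!jail_root_ok(root_dir) || chdir(root_dir) != 0)
        return -1;
    if (chroot(".") != 0 || chdir("/") != 0)   /* chroot() alone leaves cwd untouched */
        return -1;
    if (setgroups(0, NULL) != 0)               /* drop supplementary groups first */
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)  /* group before user */
        return -1;
    return setuid(0) == 0 ? -1 : 0;            /* regaining root must fail */
}

int main(int argc, char **argv)
{
    if (argc != 4) {
        fprintf(stderr, "usage: %s newroot uid gid\n", argv[0]);
        return EXIT_FAILURE;
    }
    /* uid/gid are numeric here (assumption): no passwd lookup is needed */
    if (enter_jail(argv[1], (uid_t)atol(argv[2]), (gid_t)atol(argv[3])) != 0) {
        perror("enter_jail");
        return EXIT_FAILURE;
    }
    execl("/bin/sh", "-sh", (char *)NULL);     /* resolved inside the new root */
    perror("execl /bin/sh");
    return EXIT_FAILURE;
}
```
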
paul@frcs.UUCP (Paul Nash) (10/17/89)
In article <[341]comp.unix.i386@point.UUCP>, wek@point.UUCP (Bill Kuykendall) writes:
> I'm running ISC 2.0.1 and trying to set up a "padded cell" for bbs callers
> who want shell privileges. The obvious solution is to use the chroot
> command or chroot() function to define a file subsystem for them.
> [ ... explanation of problems ... ]
> Does anybody have this working? Am I going about this all wrong? I've got
> $700-800 invested in reference manuals, and all I can find are the briefest
> references to the syntax of the program and c function, with no reference to
> what's necessary to build a functional environment under the new root. It's
> a bit frustrating.

In their book: `UNIX(tm) System Security', Patrick Wood & Stephen Kochan have the complete source code for just such a system. I have installed it under Xenix/386 2.2 (:->) in about a day - I think I had to put in one or two patches, but can't remember quite what, and don't have the machine with `restrict' available easily.

The book is published by HAYDEN as part of the Hayden Books Unix(tm) Library, ISBN: 0-8104-6267-2. Hayden is: 1-800-428-SAMS.

The authors work for (are?) `Pipeline Associates Inc', and the code used in the book can be obtained from ..ihnp4!bellcore!phw5!secure or ..harpo!bellcore!phw5!secure. If the mail has a line starting `SEND_PROGRAMS_TO:' the programs are sent to the uucp address that follows. Addresses must be absolute bang paths, as smail and pathalias are nowhere to be seen.

Buy the book - it is well worth it, and gives many hints about securing your system. The authors also deserve some royalties for their code.

---------------------------------------------------------------------
...!uunet!ddsw1!olsa99!tabbs!frcs!paul
paul@frcs.UUCP