-
November 14th, 2003, 03:45 AM
#11
Senior Member
big thx, it's very usefull for a *nix noob like me
-
May 20th, 2005, 10:40 PM
#12
Junior Member
Re: chroot shell tutorial
Hey, nice tut, but I got one error:
Sorry, user luser is not allowed to execute '/usr/sbin/chroot /home/luser /bin/su luser' as root on localhost.localdomain.
I'm quite newbie in linux and I have no idea, whats the problem
I use Debian
-
May 21st, 2005, 01:18 AM
#13
Re: chroot shell tutorial
There is an error in the chrootshell script provided here..
PARAS should be PARAMETERS
and the two sudo lines should have su - $USER instead of su $USER
the board doesn't allow editing afer so-and-so many days..
An up to date version is always available here: http://intmainvoid.nl/?chroot+shell
Let me know if this helps..
ASCII stupid question, get a stupid ANSI.
When in Russia, pet a PETSCII.
Get your ass over to SLAYRadio the best station for C64 Remixes !
-
May 21st, 2005, 05:23 AM
#14
Using sudo to execute the chroot is a bad move. The same thing can be accomplished with a wrapper written in C which will drop privs and launch the child process without adding the user to the sudoers list. Relying on Chroot restrictions in linux w/o better kernel restrictiions such as GrSec or FreeBSD's jailer is foolish.
-Maestr0
Its a nice walkthrought though.
EDIT: A few things...
"grep root /etc/passwd >> etc/passwd" : if not using shadow passwords root pw hash is copied into (jailed)etc/passwd
hostname is capped
In Debian:
libacl.so.1
libattr.so.1
libpam.so.0
libpam_misc.so.0
also required in jail
Plus the sloppy chrooting will piss of PAM
In conclusion:
"
root@Kilgore:/# whoami
root
root@Kilgore:/# su luser
luser@Kilgore:/$ sudo /usr/sbin/chroot /home/luser
bash-2.05b# ls
bin dev etc home lib tmp usr
bash-2.05b# cd home
bash-2.05b# ls
luser
bash-2.05b# cd luser/
bash-2.05b# ls
chroot-break
bash-2.05b# ./chroot-break
root@Kilgore:/#
"
\"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier
-
May 21st, 2005, 10:17 AM
#15
yeah.. I have had some fun with root jail breaking stuff..
But without gcc etc in the chroot enviroment and with kernel patches (pax and some others) in place it's rather hard..
If you have some info on how to do such a thing with a pam based (not shadow based) system I'd really like to read that..
Also information on such a C program (instead of sudo which I still think is ugly) would be apreciated.
ASCII stupid question, get a stupid ANSI.
When in Russia, pet a PETSCII.
Get your ass over to SLAYRadio the best station for C64 Remixes !
-
May 21st, 2005, 07:35 PM
#16
Junior Member
sorry, but I got still the same error in debian
Sorry, user luser is not allowed to execute '/usr/sbin/chroot /home/luser /bin/su - luser' as root on localhost.localdomain.
where might be the problem?
-
September 2nd, 2005, 05:49 PM
#17
Junior Member
Hello,
I tried this tutorial, thank you. It has really helped me learn a few things. But not enough eveidently when I log in as the user I set up I can see by my logs that access is succesful but I get an error right away:
myuser@localhost's password:
/bin/chrootshell: Exec format error
Connection to localhost closed.
Now, I did this on Mandrake (Mandriva) 10.1. official. There could be distro specific issues I am sure. If you have any insight I would really appreciate the help.
Thanks!
-
September 3rd, 2005, 03:05 PM
#18
Perhaps you should try jailkit
It seems to work a lot better then my example..
The above tutorial doesn't work on PAM authenticated linux distro's (Don't know about Mandriva)
http://olivier.sessink.nl/jailkit/ho...oot_shell.html
ASCII stupid question, get a stupid ANSI.
When in Russia, pet a PETSCII.
Get your ass over to SLAYRadio the best station for C64 Remixes !
-
September 4th, 2005, 12:56 AM
#19
JinX, it's been said earlier in this thread, it would be great if you wrote a tut on shell scripting.
there's a bunch on the internet but one is harder than the next for beginners to understand.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|