-
August 20th, 2006, 12:50 AM
#1
Junior Member
CHROOT, home jailed and stuff
Hi
I have to create a shell account on RedHat 9 for a guy that will compile amule on my machine. I just want him not able to wonder around on my machine.
I read this tutorial (http://www.antionline.com/showthread...hreadid=250875) but having compilation rights could get "free out of jail" (see h**p://www.bpfh.net/simes/computing/chroot-break.html)
So now I am stuck and no more ideas... Can you help?
Thanks
-
August 20th, 2006, 01:06 AM
#2
Instead of going to all that trouble, why dont you just use Red Hat Package Manager and install it.
http://dag.wieers.com/packages/amule/
-
August 20th, 2006, 01:58 AM
#3
Junior Member
something similar to what Net2Infinity said.
if you think the guy will try to hack your system or something, why dont you compile amule yourself for him. when you dont trust a person and think he could break out of a chrooted jail, hell....dont give him an account.
-
August 20th, 2006, 04:25 AM
#4
Originally posted here by webDEViL
something similar to what Net2Infinity said.
if you think the guy will try to hack your system or something, why dont you compile amule yourself for him. when you dont trust a person and think he could break out of a chrooted jail, hell....dont give him an account.
I completely agree!
"Everything should be made as simple as possible, but not simpler."
- Albert Einstein
-
August 20th, 2006, 01:46 PM
#5
Junior Member
Do I have to understand that NOBODY has a solution for a secure shell acount?
Please stick to my question. Avoiding it and giving alternative solutions doesn't help me. Let's take the bull by the horns...
-
August 20th, 2006, 04:29 PM
#6
You trust him right? Just give him a normal account,
and change the password when he's finished.
What's he gonna do, elevate his priveliges, get root,
install a rootkit and brag about it on irc?
If he does something harmful, you format and reinstall.
It's a rare individual that can escape the restrictions
of a normal account, much less a chroot jail.
I came in to the world with nothing. I still have most of it.
-
August 20th, 2006, 06:00 PM
#7
Originally posted here by masster
Do I have to understand that NOBODY has a solution for a secure shell acount?
Please stick to my question. Avoiding it and giving alternative solutions doesn't help me. Let's take the bull by the horns...
If you give someone an account on your box, even in a chroot jail there are no guarantees. That being said if he installs the app in the chroot jail, what good is it going to do you? You specifically asked about installing a particular software so doing it yourself seemed like a good option. Obviously you want to give the individual an account for different purposes.
-
August 20th, 2006, 07:42 PM
#8
Junior Member
Originally posted by rcgreen
What's he gonna do, elevate his priveliges, get root, install a rootkit and brag about it on irc?
Please enlighten me (in detail, command by command) HOW is he gonna deploy such catastrophic scenario.
Originally posted by Net2Infinity
If you give someone an account on your box, even in a chroot jail there are no guarantees.
OK then, starting from here, are there ANY OTHER solutions for my problem?
Originally posted by Net2Infinity
That being said if he installs the app in the chroot jail, what good is it going to do you?
He doesn't install ANYTHING. He just compiles latest amule version to RPM binaries for RH9. So that I install them and have amule working on my machine.
Originally posted by Net2Infinity
You specifically asked about installing a particular software so doing it yourself seemed like a good option.
Not when you get into some undocumented compilation errors that even amule forum couldn't solve...
Originally posted by Net2Infinity
Obviously you want to give the individual an account for different purposes.
Dude, you must be God if you know better than me what I'm thinking... I suggest you don't jump so easy to conclusions.
-
August 20th, 2006, 07:46 PM
#9
Okay if you wanted to install amule I sent you the link for the amule as an rpm package. It doesnt get any easier than that as it is already precomplied for red hat 9. Why would you want to go to the trouble of chrooting an account for a friend to complile it for you when it is already an rpm?
-
August 20th, 2006, 07:51 PM
#10
Do I have to understand that NOBODY has a solution for a secure shell acount?
The answer is simple.................go write your own Linux distro, then you can incorporate whatever security measures you like
Please stick to my question. Avoiding it and giving alternative solutions doesn't help me.
If they work, they should. I absolutely despise people coming to me with problems and then having the arrogance to tell me how to solve them. If they are that bloody clever, why don't they go figure it for themselves?
Let's take the bull by the horns
I think that we just have? ..................... additionally, do you think that is a good idea to let someone you apparently don't trust, do development work on what is obviously your live production system? ..................... how can you be sure exactly what they put on there?
In the real World we develop in a test/development environment then migrate the final result to the live, production one. If you do not have that luxury, then move anything sensitive off the machine and reinstall it afterwards.
You should also consider basic human psychology............. if you create an atmosphere of mistrust you will simply be challenging the person to outwit you, and may well create a situation that would otherwise not have arisen.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|