Re: [cobalt-security] Apache running as root . . . .
- From: Matthew Nuzum <cobalt@xxxxxxxxxxxxx>
- Date: 11 Feb 2002 15:16:02 -0500
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
My 2 cents:

I think many of us agree that it would be interesting to provide this
type of service (service being jailed/chrooted shell accounts). There
are some possibilities for this in existence now, including (I believe)
freevsd, which is often mistaken for a completely different product,
FreeBSD.

You would not have to re-write Linux to provide this service, but you
would have to write some type of daemon process that behaves just like
in.telnetd, but is confined to a chrooted area.

I'm not sure exactly how freevsd does this, but I do know it's probably
not feasible, as it requires a complete 'filesystem within a filesystem'
so that users can have the executables that they desire (obviously,
any executables outside of the chroot area are inaccessible). Maybe with
judicious use of hardlinking, this would be possible (except that /usr
is on a different filesystem than /home, making hard links impossible).

I'm going to get around to installing freevsd soon. If you really want
to allow your users to have safe shell access to the server, then maybe
you should too.

Matt Nuzum

P.S. Maybe freevsd is installable on Cobalt RaQs?
On Mon, 2002-02-11 at 12:59, Jeff Lasman wrote:
> Michael Stauber wrote:
> > Correct, ProFTPd does this. However, it would be very desirable if SSH and
> > Telnet would do so by default as well.
>
> And you're suggesting we rewrite Linux how, Michael <wry grin>?
>
> You can jail each customer into his/her own space (the virtual server
> approach), and yes, you might want to do that. But it's not something
> that the RaQ does. Or will do, likely.
>
> See "man jail" on a FreeBSD system <smile>.
>
> Jeff
>
> --
> Jeff Lasman <jblists@xxxxxxxxxxxxx>
> Linux and Cobalt/Sun/RaQ Consulting
> nobaloney.net
> P. O. Box 52672, Riverside, CA 92517
> voice: (909) 778-9980 * fax: (702) 548-9484
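
The hard-link idea from the message above, with a fallback for the case where the jail and the binary sit on different filesystems, as an added example that is not part of the original thread. `install_into_jail` and its `link` parameter are hypothetical names, the setuid/setgid refusal is an extra safeguard the thread does not discuss, and shared libraries a binary needs are not handled here.

```python
import errno
import os
import shutil
import stat
import tempfile

def install_into_jail(src, jail_root, link=os.link):
    """Place src at the same path under jail_root.

    Returns 'hardlink', 'copy' or 'refused'. `link` is injectable so the
    cross-filesystem case can be exercised without a second mount.
    """
    st = os.stat(src)
    # A hard link shares the inode, so a setuid/setgid bit would follow the
    # file into the jail. Refuse those instead of exposing them to jailed users.
    if st.st_mode & (stat.S_ISUID | stat.S_ISGID):
        return "refused"
    dest = os.path.join(jail_root, os.path.abspath(src).lstrip(os.sep))
    os.makedirs(os.path.dirname(dest), exist_ok=True)
    try:
        link(src, dest)
        return "hardlink"
    except OSError as exc:
        if exc.errno != errno.EXDEV:
            raise
        # Source and jail are on different filesystems (the /usr vs /home
        # case): hard links cannot cross that boundary, so copy instead.
        shutil.copy2(src, dest)
        return "copy"

def demo():
    """Constructed sample: a fake binary and two jails in one temp directory."""
    def cross_device(_src, _dst):  # simulates link(2) failing with EXDEV
        raise OSError(errno.EXDEV, "Invalid cross-device link")
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "usr", "bin", "tool")
        os.makedirs(os.path.dirname(src))
        with open(src, "w") as fh:
            fh.write("#!/bin/sh\n")
        jail_a, jail_b = (os.path.join(tmp, "home", n) for n in ("a", "b"))
        same_fs = install_into_jail(src, jail_a)
        shared = os.stat(src).st_nlink == 2  # jail_a entry is the same inode
        other_fs = install_into_jail(src, jail_b, link=cross_device)
        os.chmod(src, 0o4755)  # mark the sample file setuid
        suid = install_into_jail(src, os.path.join(tmp, "home", "c"))
        return same_fs, shared, other_fs, suid

if __name__ == "__main__":
    print(demo())
```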