chroot command

Paul Nash paul at frcs.UUCP
Tue Oct 17 05:20:10 AEST 1989

In article <[341]comp.unix.i386 at point.UUCP>, wek at point.UUCP (Bill Kuykendall) writes:
> I'm running ISC 2.0.1 and trying to set up a "padded cell" for bbs callers
> who want shell privileges.  The obvious solution is to use the chroot
> command or chroot() function to define a file subsystem for them.
>            [ ... explanation of problems ... ] 
> Does anybody have this working?  Am I going about this all wrong?  I've got
> $700-800 invested in reference manuals, and all I can find are the briefest
> references to the syntax of the program and C function, with no reference to
> what's necessary to build a functional environment under the new root.  It's
> a bit frustrating.

In their book: `UNIX(tm) System Security', Patrick Wood & Stephen Kochan
have the complete source code for just such a system. I have installed it
under Xenix/386 2.2 (:->) in about a day - I think I had to put in one or
two patches, but can't remember quite what, and don't have the machine with
`restrict' available easily.

The book is published by HAYDEN as part of the Hayden Books Unix(tm) Library,
ISBN: 0-8104-6267-2. Hayden is: 1-800-428-SAMS. The authors work for (are?)
`Pipeline Associates Inc', and the code used in the book can be obtained
from ..ihnp4!bellcore!phw5!secure or ..harpo!bellcore!phw5!secure. If the
mail has a line starting `SEND_PROGRAMS_TO:' the programs are sent to
the uucp address that follows. Addresses must be absolute bang paths, as
smail and pathalias are nowhere to be seen.

Buy the book - it is well worth it, and gives many hints about securing your
system. The authors also deserve some royalties for their code.

...!uunet!ddsw1!olsa99!tabbs!frcs!paul                 paul at frcs.UUCP
