chroot command

Paul Nash paul at frcs.UUCP
Tue Oct 17 05:20:10 AEST 1989


In article <[341]comp.unix.i386 at point.UUCP>, wek at point.UUCP (Bill Kuykendall) writes:
> I'm running ISC 2.0.1 and trying to set up a "padded cell" for bbs callers
> who want shell privileges.  The obvious solution is to use the chroot
> command or chroot() function to define a file subsystem for them.
>            [ ... explanation of problems ... ] 
> Does anybody have this working?  Am I going about this all wrong?  I've got
> $700-800 invested in reference manuals, and all I can find are the briefest
> references to the syntax of the program and c function, with no reference to
> what's necessary to build a functional environment under the new root.  It's
> a bit frustrating.

In their book: `UNIX(tm) System Security', Patrick Wood & Stephen Kochan
have the complete source code for just such a system. I have installed it
under Xenix/386 2.2 (:->) in about a day - I think I had to put in one or
two patches, but can't remember quite what, and don't have the machine with
`restrict' available easily.

The book is published by HAYDEN as part of the Hayden Books Unix(tm) Library,
ISBN: 0-8104-6267-2. Hayden is: 1-800-428-SAMS. The authors work for (are?)
`Pipeline Associates Inc', and the code used in the book can be obtained
from ..ihnp4!bellcore!phw5!secure or ..harpo!bellcore!phw5!secure. If the
mail has a line starting `SEND_PROGRAMS_TO:' the programs are sent to
the uucp address that follows. Addresses must be absolute bang paths, as
smail and pathalias are nowhere to be seen.

Buy the book - it is well worth it, and gives many hints about securing your
system. The authors also deserve some royalties for their code.

---------------------------------------------------------------------
...!uunet!ddsw1!olsa99!tabbs!frcs!paul                 paul at frcs.UUCP


