DaemonForums  

Go Back   DaemonForums > FreeBSD > FreeBSD Security

FreeBSD Security Securing FreeBSD.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 6th November 2008
Dr_Death_UAE's Avatar
Dr_Death_UAE Dr_Death_UAE is offline
BSD Daemon
 
Join Date: Jul 2008
Posts: 9
Thanked 0 Times in 0 Posts
Default read & modify files out side chroot jail

Hello, I set up chroot jail, the jailed user need to read and modify some files on the real system, for example lets say he need to edit /etc/hosts.

I was thinking of useing symbolic link "ln -s", but it doesnt work.

any Idea?
__________________
Theory is when you know all and nothing works.
Practice is when all works and nobody knows why.
In this case we have put together theory and practice: nothing works... and nobody knows why!
(Albert Einstein)
Reply With Quote
  #2   (View Single Post)  
Old 6th November 2008
tingo tingo is offline
Real Name: Torfinn Ingolfsen
Port Guard
 
Join Date: Oct 2008
Location: Oslo, Norway
Posts: 11
Thanked 1 Time in 1 Post
Default

Well, the point of a jail is that you can't escape.
In other words; no way to change things on the outside.
__________________
Torfinn
Reply With Quote
  #3   (View Single Post)  
Old 6th November 2008
Dr_Death_UAE's Avatar
Dr_Death_UAE Dr_Death_UAE is offline
BSD Daemon
 
Join Date: Jul 2008
Posts: 9
Thanked 0 Times in 0 Posts
Default

hmmm, any way around it, thing that can be done by root.

or for example if this user use third party application like oracle, any idea how to make him manage it.
__________________
Theory is when you know all and nothing works.
Practice is when all works and nobody knows why.
In this case we have put together theory and practice: nothing works... and nobody knows why!
(Albert Einstein)

Last edited by Dr_Death_UAE; 6th November 2008 at 07:09 AM.
Reply With Quote
  #4   (View Single Post)  
Old 6th November 2008
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is offline
Real Name: Martin
Old man from scene 24
 
Join Date: Apr 2008
Location: Eindhoven, Netherlands
Posts: 2,069
Thanked 198 Times in 156 Posts
Default

You can use mount_nullfs(8) for directories.

You can also use hard links.
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Reply With Quote
  #5   (View Single Post)  
Old 6th November 2008
Dr_Death_UAE's Avatar
Dr_Death_UAE Dr_Death_UAE is offline
BSD Daemon
 
Join Date: Jul 2008
Posts: 9
Thanked 0 Times in 0 Posts
Default

hard links will not work, it cant link between different file systems, for example user jail on:
"/home/jail/" on /dev/hd1
and
"/etc" on /dev/hd4

'ln" will not work.

I am working on AIX server, i will install mount_nullfs and will give it a shot.

Thanks again Carpetsmoker
__________________
Theory is when you know all and nothing works.
Practice is when all works and nobody knows why.
In this case we have put together theory and practice: nothing works... and nobody knows why!
(Albert Einstein)
Reply With Quote
  #6   (View Single Post)  
Old 6th November 2008
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,148
Thanked 182 Times in 149 Posts
Default

You can have the user specify the modifications and have them stored in a special directory reserved for this.
Then write a cron job, which reads this directory, and does the actual modifications.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
chroot jail FreeBSD "su: who are you?" Dr_Death_UAE FreeBSD Security 0 27th May 2009 07:51 AM
How to modify the ls command? bsdnewbie999 OpenBSD General 9 16th May 2009 08:20 AM
Which light Gui from modify images files? aleunix OpenBSD General 7 15th June 2008 04:32 PM
/etc/rc.* files isn't read properly? mathias OpenBSD General 4 1st June 2008 06:35 PM
How to modify the boot loader? Sunsawe FreeBSD General 5 29th May 2008 05:13 AM


All times are GMT. The time now is 10:07 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick