chrooting/jailing transfer-only accounts
Dan Astoorian
djast at cs.toronto.edu
Tue May 28 04:20:42 EST 2002
On Mon, 27 May 2002 10:34:33 EDT, I wrote:
>
> Note: the above is completely untested! [...]

...in fact, it wasn't even _proofread_. :-(

Now that I've had my morning coffee, this is a little closer to what I
had in mind. It's still not well-tested, but it's not quite as
spectacularly wrong.
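
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#define JAIL "/path/to/jail"
#define SHELL "/bin/sh"

/* chroot(2) needs root, so this wrapper has to run with root privilege
   (e.g. installed setuid root). */
int main(int argc, char **argv) {
    if (chroot(JAIL) != 0) {
        perror("chroot");
    } else if (chdir("/") != 0) {        /* move the cwd inside the jail */
        perror("chdir");
    } else if (setuid(getuid()) != 0) {  /* drop root before running the shell */
        perror("setuid");
    } else {
        execv(SHELL, argv);              /* SHELL is resolved inside the jail */
        perror("execv");                 /* reached only if execv() failed */
    }
    exit(1);
}
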
My apologies for not paying attention. <blush>
--
Dan Astoorian
Sysadmin, CSLab
djast at cs.toronto.edu
www.cs.toronto.edu/~djast/

People shouldn't think that it's better to have loved and lost than
never loved at all. It's not, it's better to have loved and won. All
the other options really suck. --Dan Redican

More information about the openssh-unix-dev mailing list