[prev in list] [next in list] [prev in thread] [next in thread] 

List:       rssh-discuss
Subject:    mkchroot.sh patch to warn about /etc/passwd
From:       Russ Allbery <rra () stanford ! edu>
Date:       2007-04-21 22:57:07
Message-ID: 87fy6ttjy4.fsf () windlord ! stanford ! edu
[Download RAW message or body]

A Debian user requested a warning be added to mkchroot.sh that /etc/passwd
was being copied into the chroot, and it seemed reasonable to me.  Some
sites do put things like telephone numbers and the like into the GECOS
fields or may not want information about non-rssh users to be available in
the chroot.

Debian Bug#366655

Here's a patch:

Index: rssh/mkchroot.sh
===================================================================
--- rssh.orig/mkchroot.sh	2007-04-11 18:40:35.000000000 -0700
+++ rssh/mkchroot.sh	2007-04-11 18:42:51.000000000 -0700
@@ -145,6 +145,9 @@ tar -cf - /lib/libnss_compat* /lib/libns
 #
 
 echo "Setting up /etc in the chroot jail"
+echo -e "\nWARNING: Copying /etc/passwd into the chroot jail.  You may wish"
+echo -e "to edit out unnecessary users and remove any sensitive information"
+echo -e "from it.\n"
 mkdir -p "$jail_dir/etc"
 cp /etc/nsswitch.conf "$jail_dir/etc/"
 cp /etc/passwd "$jail_dir/etc/"

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
rssh-discuss mailing list
rssh-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rssh-discuss

[prev in list] [next in list] [prev in thread] [next in thread]