[prev in list] [next in list] [prev in thread] [next in thread] 

List:       scponly
Subject:    Re: [scponly] Second Jail not working...
From:       "mephi" <matthew.j.green () ntlworld ! com>
Date:       2007-02-24 19:56:10
Message-ID: 010701c7584d$d5ff8f90$0800a8c0 () mephiws
[Download RAW message or body]

Yep, that was it. 

The second version was pointing at a different binary. Once I'd changed the
shell to be the same as the others it worked =)

Cheers :-)

Matt

-----Original Message-----
From: Lupe Christoph [mailto:lupe@lupe-christoph.de] 
Sent: 24 February 2007 19:02
To: Paul Hyder
Cc: mephi; scponly@lists.ccs.neu.edu
Subject: Re: [scponly] Second Jail not working...

On Friday, 2007-02-23 at 13:03:04 -0700, Paul Hyder wrote:
> Hmmm, Then the behavior would make sense if the "parents" user was
> executing an scponly binary that wasn't suid.  Next step is to verify
> that the top level password file shell entry points to a binary that
> is root owned and SUID.  {something like using scponly instead of
> scponlyc or two different binaries one of which isn't properly chowned}

You're probably correct. The error message is
	[979]: chroot: Operation not permitted
and my chroot(2) manpage says:
	EPERM  The caller has insufficient privilege.

Can't be a bad path component. That would trigger:
	EACCES Search permission is denied on a component of the path
	prefix.

Lupe Christoph
-- 
| You know we're sitting on four million pounds of fuel, one nuclear     |
| weapon and a thing that has 270,000 moving parts built by the lowest   |
| bidder. Makes you feel good, doesn't it?                               |
| Rockhound in "Armageddon", 1998, about the Space Shuttle               |



[prev in list] [next in list] [prev in thread] [next in thread]