[prev in list] [next in list] [prev in thread] [next in thread]
List: scponly
Subject: Re: [scponly] Second Jail not working...
From: "mephi" <matthew.j.green () ntlworld ! com>
Date: 2007-02-24 19:56:10
Message-ID: 010701c7584d$d5ff8f90$0800a8c0 () mephiws
[Download RAW message or body]
Yep, that was it.
The second version was pointing at a different binary. Once I'd changed the
shell to be the same as the others it worked =)
Cheers :-)
Matt
-----Original Message-----
From: Lupe Christoph [mailto:lupe@lupe-christoph.de]
Sent: 24 February 2007 19:02
To: Paul Hyder
Cc: mephi; scponly@lists.ccs.neu.edu
Subject: Re: [scponly] Second Jail not working...
On Friday, 2007-02-23 at 13:03:04 -0700, Paul Hyder wrote:
> Hmmm, Then the behavior would make sense if the "parents" user was
> executing an scponly binary that wasn't suid. Next step is to verify
> that the top level password file shell entry points to a binary that
> is root owned and SUID. {something like using scponly instead of
> scponlyc or two different binaries one of which isn't properly chowned}
You're probably correct. The error message is
[979]: chroot: Operation not permitted
and my chroot(2) manpage says:
EPERM The caller has insufficient privilege.
Can't be a bad path component. That would trigger:
EACCES Search permission is denied on a component of the path
prefix.
Lupe Christoph
--
| You know we're sitting on four million pounds of fuel, one nuclear |
| weapon and a thing that has 270,000 moving parts built by the lowest |
| bidder. Makes you feel good, doesn't it? |
| Rockhound in "Armageddon", 1998, about the Space Shuttle |
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic