[plug] Linux replacing terminal server
Bernard Blackham
bernard at blackham.com.au
Thu Apr 3 01:22:07 WST 2003
On Thu, Apr 03, 2003 at 12:17:11AM +0800, Bernd Felsche wrote:
> It's very difficult and involving to setup a chroot gaol that'll
> still talk even telnet through the network.
Mmmm, I beg to differ. I setup the chroot for the networking room at
LCA to allow only certain commands and nothing else and it wasn't
_too_ difficult. (lessons learnt - rbash and rzsh are absolutely
useless)
For your situation - you could put telnet alone in a chroot, setuid
nobody, and it'd be about as secure as you could get! Also, check
out the -E option on telnet.
FWIW, to the jail, there was a tiny bit of pain and a C program
involved but it was a very effective jail. I couldn't find a simpler
method through googling - there were some ways pointed out, but none
of them really solved the problem.
Unfortunately, as with all great things, I never did make a backup
of the chroot or the magic C program, and the machine has since been
repossessed. But, if you or anybody are interested, I'll do it again
and maybe write a mini-HOWTO on it! :)
Regards,
Bernard.
--
Bernard Blackham
bernard at blackham dot com dot au
More information about the plug
mailing list