[plug] Linux replacing terminal server

Bernard Blackham bernard at blackham.com.au
Thu Apr 3 01:22:07 WST 2003


On Thu, Apr 03, 2003 at 12:17:11AM +0800, Bernd Felsche wrote:
> It's very difficult and involving to set up a chroot gaol that'll
> still talk even telnet through the network.

Mmmm, I beg to differ. I set up the chroot for the networking room at
LCA to allow only certain commands and nothing else and it wasn't
_too_ difficult. (lessons learnt - rbash and rzsh are absolutely
useless)

For your situation - you could put telnet alone in a chroot, setuid
nobody, and it'd be about as secure as you could get! Also, check
out the -E option on telnet.

FWIW, to the jail, there was a tiny bit of pain and a C program
involved but it was a very effective jail. I couldn't find a simpler
method through googling - there were some ways pointed out, but none
of them really solved the problem.

Unfortunately, as with all great things, I never did make a backup
of the chroot or the magic C program, and the machine has since been
repossessed. But, if you or anybody are interested, I'll do it again
and maybe write a mini-HOWTO on it! :)

Regards,

Bernard.

-- 
 Bernard Blackham 
 bernard at blackham dot com dot au
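
The setup suggested in the message above (telnet alone in a chroot, running as nobody, with -E), written out as an added example. It is not the lost C program the post mentions. The jail path /srv/telnet-jail, the /bin/telnet location inside it, and the directory ownership check are assumptions.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE               /* for chroot() and setgroups() on glibc */
#endif
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

#define JAIL_DIR  "/srv/telnet-jail"  /* assumed; holds /bin/telnet and its libs */
#define JAIL_USER "nobody"

/* A jail that anyone but root can write to can be rearranged from inside:
 * require a root-owned directory with no group/other write bits. */
int jail_dir_safe(const struct stat *st)
{
    return S_ISDIR(st->st_mode) && st->st_uid == 0 &&
           (st->st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

static void die(const char *what) { perror(what); exit(1); }

int main(int argc, char **argv)
{
    struct stat st;
    struct passwd *pw;

    /* Refuse a "host" that telnet would parse as another option. */
    if (argc != 2 || argv[1][0] == '-') { fprintf(stderr, "usage: %s host\n", argv[0]); return 2; }
    /* Resolve the user before chroot so the jail needs no /etc/passwd. */
    if ((pw = getpwnam(JAIL_USER)) == NULL) die("getpwnam");
    if (stat(JAIL_DIR, &st) != 0) die("stat");
    if (!jail_dir_safe(&st)) { fprintf(stderr, "unsafe jail dir\n"); return 1; }

    /* chroot() needs root, so it comes first; chdir("/") makes sure the
     * working directory is inside the new root. */
    if (chroot(JAIL_DIR) != 0 || chdir("/") != 0) die("chroot");
    /* Drop supplementary groups, then gid, then uid. uid goes last because
     * the earlier calls are no longer permitted once it is dropped. */
    if (setgroups(0, NULL) != 0) die("setgroups");
    if (setgid(pw->pw_gid) != 0) die("setgid");
    if (setuid(pw->pw_uid) != 0) die("setuid");
    if (setuid(0) == 0) { fprintf(stderr, "root not dropped\n"); return 1; }

    /* -E: no escape character, so the user never reaches the telnet> prompt. */
    char *const args[] = { "telnet", "-E", argv[1], NULL };
    char *const env[]  = { "TERM=vt100", NULL };
    execve("/bin/telnet", args, env);
    perror("execve");
    return 1;
}
```

The wrapper has to start as root (for example as a login shell launched by a root-owned service) because chroot() is a privileged call; everything after the setuid() runs as nobody.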


