[plug] debian etch + vsftpd does not chroot jail users
Richard Meyer
meyerri at westnet.com.au
Fri Apr 18 09:14:53 WST 2008
On Fri, 2008-04-18 at 09:10 +0800, Denis Brown wrote:
> At 07:16 PM 17/04/2008, mccabedj wrote:
> >Richard Meyer wrote:
> >>To prove whether this is correct, bring down the ftp daemon and connect
> >>from windows again - if you can, my supposition is right, and you'll
> >>have to use some other way to jail the client.
> >
> >>>User "badboy" has entry in /etc/passwd like so...
> >>>badboy:x:1002:1002:Bad Boy,,,:/home/badboy/./:/bin/bash
> >
> >I imagine that you could replace /bin/bash with something like
> > pola-run -B --prog=/bin/bash -fw=/home/badboy
> >after having installed plash from
> >http://plash.beasts.org
> >
> >This would also mean that badboy couldn't escape the jail by doing a plain
> >ssh.
> Hmmm... sweet :-)
>
> This has distinct possibilities - thanks for the lead. As a side issue
> however I would still like to get vsftpd working as advertised, even if
> purely to advance my knowledge of their config.
>
> Meantime a plash download is on today's to-do list.
>
> Thanks,
> Denis
Close your ssh port and use ftp from your windows box - that should give
you an idea whether it's working as advertised or not.
RM
--
Richard Meyer
Necessity is the plea for every infringement of human freedom.
It is the argument of tyrants; it is the creed of slaves.
William Pitt, 1783
Linux Counter user #306629
More information about the plug
mailing list