[plug] debian etch + vsftpd does not chroot jail users

Richard Meyer meyerri at westnet.com.au
Fri Apr 18 09:14:53 WST 2008


On Fri, 2008-04-18 at 09:10 +0800, Denis Brown wrote:
> At 07:16 PM 17/04/2008, mccabedj wrote:
> >Richard Meyer wrote:
> >>To prove whether this is correct, bring down the ftp daemon and connect
> >>from windows again - if you can, my supposition is right, and you'll
> >>have to use some other way to jail the client.
> >
> >>>User "badboy" has entry in /etc/passwd like so...
> >>>badboy:x:1002:1002:Bad Boy,,,:/home/badboy/./:/bin/bash
> >
> >I imagine that you could replace /bin/bash with something like
> >    pola-run -B --prog=/bin/bash -fw=/home/badboy
> >after having installed plash from
> >http://plash.beasts.org
> >
> >This would also mean that badboy couldn't escape the jail by doing a plain 
> >ssh.
> Hmmm... sweet :-)
> 
> This has distinct possibilities - thanks for the lead.   As a side issue 
> however I would still like to get vsftpd working as advertised, even if 
> purely to advance my knowledge of their config.
> 
> Meantime a plash download is on today's to-do list.
> 
> Thanks,
> Denis

Close your ssh port and use ftp from your windows box - that should give
you an idea whether it's working as advertised or not.

RM
-- 
Richard Meyer
Necessity is the plea for every infringement of human freedom.
It is the argument of tyrants; it is the creed of slaves. 
William Pitt, 1783

Linux Counter user #306629




More information about the plug mailing list