[plug] debian etch + vsftpd does not chroot jail users

Richard Meyer meyerri at westnet.com.au
Fri Apr 18 09:14:53 WST 2008

On Fri, 2008-04-18 at 09:10 +0800, Denis Brown wrote:
> At 07:16 PM 17/04/2008, mccabedj wrote:
> >Richard Meyer wrote:
> >>To prove whether this is correct, bring down the ftp daemon and connect
> >>from windows again - if you can, my supposition is right, and you'll
> >>have to use some other way to jail the client.
> >
> >>>User "badboy" has entry in /etc/passwd like so...
> >>>badboy:x:1002:1002:Bad Boy,,,:/home/badboy/./:/bin/bash
> >
> >I imagine that you could replace /bin/bash with something like
> >    pola-run -B --prog=/bin/bash -fw=/home/badboy
> >after having installed plash from
> >http://plash.beasts.org
> >
> >This would also mean that badboy couldn't escape the jail by doing a plain 
> >ssh.
> Hmmm... sweet :-)
> This has distinct possibilities - thanks for the lead.   As a side issue 
> however I would still like to get vsftpd working as advertised, even if 
> purely to advance my knowledge of their config.
> Meantime a plash download is on today's to-do list.
> Thanks,
> Denis

Close your ssh port and use ftp from your windows box - that should give
you an idea whether it's working as advertised or not.

Richard Meyer
Necessity is the plea for every infringement of human freedom.
It is the argument of tyrants; it is the creed of slaves. 
William Pitt, 1783

Linux Counter user #306629

More information about the plug mailing list