Re: How to emulate 'chroot /jail/ su httpd -c' ?

From: Tetsuo Handa
Date: Thu Feb 26 2004 - 09:28:03 EST



# Daily digest mail didn't arrive to me yesterday(2/25) and
# today(2/26), may be something is wrong with my mail server.
# Sorry for ignoring thread tree, this is a reply to
http://www.ussg.iu.edu/hypermail/linux/kernel/0402.3/0848.html

Ma*ns Rullga*rd wrote:
> Tetsuo Handa <a5497108@xxxxxxxxxx> writes:
>
> > Hello,
> >
> > Sorry for querying userland program in this list.
> >
> > I have the following line in /etc/rc.d/init.d/httpd
> >
> > daemon chroot /jail/ su httpd -c $httpd $OPTIONS
> >
> > This needs /bin/su after /usr/sbin/chroot, but I don't
> > want to place /bin/su (and related files) in the jail.
> > So, I want to do this with one program.
>
> If you remove the suid bit from the su program in the chroot it should
> be rather harmless.

Oh! What a nice idea!
'chmod 500 /bin/su' is to the purpose.
Thank you.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/