LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 11-09-2003, 02:23 PM   #1
f1uke
Member
 
Registered: Jan 2003
Location: norfolk, VA
Distribution: suse 8.2, redhat 8.0
Posts: 60

Rep: Reputation: 15
Red face chroot jail question


Im trying to work out kinks in my rootjail, when running ps i get this error

Signal 11 caught by ps (procps version 3.1.6).
Please send bug reports to <acahalan@cs.uml.edu>

I have been unable to trace this error down, any ideas. i seem to have all the libs required what could i be missing?
 
Old 11-09-2003, 02:25 PM   #2
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 13,597

Rep: Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080
Have you tried a `strace ps`? This should help you find out what is happening. Don't forget that ps relies heavily on /proc (which is probably not available in your chroot jail).

--jeremy
 
Old 11-10-2003, 11:35 AM   #3
f1uke
Member
 
Registered: Jan 2003
Location: norfolk, VA
Distribution: suse 8.2, redhat 8.0
Posts: 60

Original Poster
Rep: Reputation: 15
yea i didnt have it mounted, i fixed that. But i have another question. I basically cp'd the whole /etc dir over. can i get rid or all the system configs like rc.* and host.* configs in the jail etc dir, will that hurt anything? And can I rm the entries in the jailed passwd and shadow file that do not pertain to the jail users? like ftp: and at: entries?
thanks, jason.
 
Old 11-10-2003, 12:14 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
yea i didnt have it mounted, i fixed that.
Note /proc should ONLY be mounted for troubleshooting purposes.
If your jailed app needs /proc, then you should first look for alternatives.
Unrestricted and unprotected /proc access is one of the ways to get out of a chroot.


I basically cp'd the whole /etc dir over.
That ain't the "proper" way to set up a chroot.
Check out the LQ FAQ: Security references, post #4 "Chroot, chrooting, jailing, comparimization", for SW to help you populate your chroot if you don't need/use a HOWTO. I prefer using http://www.gsyc.inf.uc3m.es/~assman/jail as it automates populating most of the time, then tweak auth/config manually and test. If you didn't read a HOWTO on chrooting you should, it's easy to make mistakes.


And can I rm the entries in the jailed passwd and shadow file that do not pertain to the jail users? like ftp: and at: entries?
If they don't own files or have no other business in the chroot: yes.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Chroot jail Gimpy Linux - Software 10 05-07-2010 01:30 PM
Chroot jail pachanga Linux - General 12 09-26-2008 05:15 AM
Jail and chroot rogk Linux - Security 2 10-16-2005 02:20 AM
chroot jail etc. f1uke Linux - Security 5 08-24-2005 03:12 AM
chroot jail simon Linux - Security 3 08-05-2001 08:21 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:55 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration