Path: utzoo!utgpu!water!watmath!looking!brad
From: brad@looking.UUCP (Brad Templeton)
Newsgroups: comp.unix.xenix
Subject: Re: Security
Keywords: Security
Message-ID: <1982@looking.UUCP>
Date: 27 Aug 88 18:50:23 GMT
References: <4@raider.UUCP> <288@hawkmoon.MN.ORG>
Reply-To: brad@looking.UUCP (Brad Templeton)
Organization: Looking Glass Software Ltd.
Lines: 49

Probably the best way to provide security is to make a mini filesystem and
chroot the users to it. You must create directories there like /etc, with a
special /etc/passwd and /etc/group file there for the restricted users. Plus
a /dev, and a /tmp, a /bin, /usr/bin. In most cases (not passwd) you can just
use a link from the real filesystem, as long as the file you want is in the
same filesystem as the restricted one.

You can give people a vi, a kermit, csh, all those things. Only link in the
commands you really want to give restricted users, and take extra care that
for any setuid command you provide, *all the required files and directories*
are in place in the /tiny filesystem and not generally writable. Don't forget
things like /dev/tty, and /usr/preserve (for vi), although reboot preserve
processing won't go on there.

Now I haven't investigated it a lot, so maybe there are holes in chroot.
Assuming not, however, it should let you custom configure any restricted
environment you want. (Some things, like mail and news, will be tougher. You
will have to include the news lib and spool directories inside the tiny
directory, and have special compilations of the news programs.)

(If anybody does know a hole in chroot, let me know!)

Here's the source for something you can use as the login shell of a
restricted user.
----------
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/*
 * Set up a login in the chroot directory.
 * Installed setuid root so that chroot() is permitted; root is dropped
 * back to the real uid before the shell is exec'd.
 */
int main(int argc, char **argv, char **envp)
{
	uid_t ruid = getuid();

	/* chdir("/") after chroot: otherwise the cwd stays outside the jail */
	if (chroot("/tiny") < 0 || chdir("/") < 0) {
		perror("chroot /tiny");
		return 1;
	}
	if (setuid(ruid) < 0) {		/* drop root before running anything */
		perror("setuid");
		return 1;
	}
	argv[argc] = 0;	/* to be sure */
	execve("/bin/csh", argv, envp);	/* path is relative to the new root */
	perror("execve /bin/csh");	/* only reached if the exec failed */
	return 1;
}
---------
-- 
Brad Templeton, Looking Glass Software Ltd.  --  Waterloo, Ontario 519/884-7473
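The skeleton the post describes, plus a check for the things it tells you to watch (directories that are generally writable, setuid commands that need their support files reviewed, a forgotten /dev/tty), as an added example that is not code from Brad's post. The jail location, the source tree and the account name are assumptions; the demo at the bottom builds a constructed throwaway tree so the script can be run unprivileged, which is also why it cannot create the /dev/tty device node itself (that needs mknod as root on the real /tiny).

```shell
#!/bin/sh
# Added example (not from the original post). Builds a "/tiny"-style chroot
# skeleton and audits it for the conditions the post warns about.

# build_jail JAIL SRC CMD...
# Creates etc dev tmp bin usr/bin usr/preserve under JAIL, writes passwd and
# group files holding only the restricted account, and brings each CMD over
# from SRC/bin: a hard link as the post suggests, or a copy when SRC is on a
# different filesystem (hard links cannot cross filesystems).
build_jail() {
    jail=$1; src=$2; shift 2
    umask 022
    for d in etc dev tmp bin usr/bin usr/preserve; do
        mkdir -p "$jail/$d"
    done
    chmod 1777 "$jail/tmp"                  # world-writable only with sticky bit
    chmod 755 "$jail/etc" "$jail/bin" "$jail/usr/bin"
    # Restricted users only: no root entry, no real password hashes (assumed uid 200).
    printf 'guest:*:200:200:Restricted user:/:/bin/csh\n' > "$jail/etc/passwd"
    printf 'guest:*:200:\n' > "$jail/etc/group"
    chmod 644 "$jail/etc/passwd" "$jail/etc/group"
    for c in "$@"; do
        ln "$src/bin/$c" "$jail/bin/$c" 2>/dev/null || cp "$src/bin/$c" "$jail/bin/$c"
    done
}

# audit_jail JAIL
# Prints one line per finding; exit status 1 when anything was found.
audit_jail() {
    jail=$1
    {
        # directories anyone can write to (a sticky /tmp-style one is allowed)
        find "$jail" -type d -perm -002 ! -perm -1000 | sed 's/^/WRITABLE DIR: /'
        # files anyone can modify
        find "$jail" -type f -perm -002 | sed 's/^/WRITABLE FILE: /'
        # setuid/setgid commands: every file and directory they touch must be
        # inside the jail and not generally writable, so list them for review
        find "$jail" -type f \( -perm -4000 -o -perm -2000 \) | sed 's/^/SETUID, REVIEW: /'
        # the post's reminder: /dev/tty must exist as a character device
        [ -c "$jail/dev/tty" ] || echo "MISSING: $jail/dev/tty"
    } | grep . && return 1
    return 0
}

# Demo on a constructed tree: a fake "real" /bin with a shell-script csh,
# no root required, removed again at the end.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/real/bin"
    printf '#!/bin/sh\necho fake csh\n' > "$t/real/bin/csh"
    chmod 755 "$t/real/bin/csh"
    build_jail "$t/tiny" "$t/real" csh
    echo "== clean skeleton (only the /dev/tty reminder expected) =="
    audit_jail "$t/tiny" || true
    chmod 777 "$t/tiny/etc"                 # the mistake the post warns about
    chmod 4755 "$t/tiny/bin/csh"            # a setuid command to review
    echo "== after a world-writable /etc and a setuid command =="
    audit_jail "$t/tiny" || true
    rm -rf "$t"
}
demo
```

On a real system you would run build_jail as root with JAIL=/tiny and the real root as SRC, add /dev/tty with mknod, and then keep audit_jail in a cron job so a later chmod or an added setuid binary inside the jail is noticed rather than discovered the hard way.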