| 1 |
Vlad "SATtva" Miller wrote: |
| 2 |
> 7v5w7go9ub0o (11.06.2009 23:53): |
| 3 |
>> RijilV wrote: |
| 4 |
>>> 2009/6/10 7v5w7go9ub0o |
| 5 |
>>> <7v5w7go9ub0o-Re5JQEeQqe8AvxtiuMwx3w-XMD5yJDbdMReXY1tMh2IBg@××××××××××××.org>: |
| 6 |
>>>> FWIW, I jail/chroot everything that connects to the net; e.g. |
| 7 |
>>>> browsers, mail client, tor client, DNS server, nmap, snort, dhcpcd |
| 8 |
>>>> ..... everything. |
| 9 |
>>> What are you using to do your chrooting? |
| 10 |
>>> |
| 11 |
>>> .r' |
| 12 |
>>> |
| 13 |
>> A man named Steve Friedl has written much about creating and breaking |
| 14 |
>> out of chroot jails; I use his program "runchroot". |
| 15 |
>> |
| 16 |
>> Here's his home page: |
| 17 |
>> <http://unixwiz.net/techtips/chroot-practices.html#brkout> |
| 18 |
>> |
| 19 |
>> I believe the script can be found in this "registerware" article: "Go |
| 20 |
>> Directly to Jail. Available on all Linux and Unix systems, chroot jails |
| 21 |
>> can secure untrusted applications and make trusted ones almost |
| 22 |
>> impenetrable. HereÃÂÃÂs how to build them." <http://www.linux-mag.com/id/1230> |
| 23 |
> |
| 24 |
> Although there is indeed a link to download the script from that page |
| 25 |
> (http://www.linux-mag.com/downloads/2002-12/jail/), unfortunately it |
| 26 |
> leads to 404. But google turned up this: |
| 27 |
> http://www.linux-mag.com/downloads/2002-12/jail/runchroot.c |
| 28 |
> Should there be anything beyond this source file? |
| 29 |
> |
| 30 |
|
| 31 |
Nope.... that's all there is to the wrapper. |
| 32 |
|
| 33 |
gcc runchroot.c -o runchroot |
| 34 |
chown root runchroot |
| 35 |
chmod u+s runchroot |
| 36 |
|
| 37 |
|
| 38 |
HTH |
Archives