Secure Shell
Can't run whoami(id -un) inside chroot jail using openssh native jail support Jul 23 2008 08:15PM
D M (dm mlist gmail com) (2 replies)
Re: Can't run whoami(id -un) inside chroot jail using openssh native jail support Jul 24 2008 11:14PM
Jon Kibler (Jon Kibler aset com) (1 replies)
Re: Can't run whoami(id -un) inside chroot jail using openssh native jail support Jul 24 2008 11:24PM
D M (dm mlist gmail com) (1 replies)
Re: Can't run whoami(id -un) inside chroot jail using openssh native jail support Jul 25 2008 05:48PM
Greg Wooledge (wooledg eeg ccf org) (1 replies)
Re: Can't run whoami(id -un) inside chroot jail using openssh native jail support Jul 28 2008 02:56PM
D M (dm mlist gmail com) (1 replies)
Here is a listing of my etc directory inside the jail:
ls -la
total 916
drwxr-xr-x 3 0 0 4096 Jul 28 14:31 .
drwxr-xr-x 18 0 0 4096 Jul 28 14:35 ..
-rw-r--r-- 1 0 0 11 Jul 22 17:00 group
-r-------- 1 0 0 555 Jul 28 14:31 gshadow
-rwxr-xr-x 1 0 0 245 Jul 22 17:00 hosts
-rwxr-xr-x 1 0 0 24120 Jul 22 17:00 ld.so.cache
-rwxr-xr-x 1 0 0 28 Jul 22 17:00 ld.so.conf
drwxr-xr-x 2 0 0 4096 Jul 22 17:00 ld.so.conf.d
-rw-r--r-- 1 0 0 1696 Jul 22 17:00 nsswitch.conf
-rw-r--r-- 1 0 0 144 Jul 24 17:04 passwd
-rwxr-xr-x 1 0 0 66 Jul 22 17:00 resolv.conf
-r-------- 1 0 0 1607 Jul 28 14:30 shadow
-rw-r--r-- 1 0 0 807103 Jul 22 17:00 termcap

As you can see, all required files are there and have proper
permissions. I've copied over everything from /usr/lib into the jail
as well. However, it is still not properly doing the translation of uid to
name or guid to name.

dm

On Fri, Jul 25, 2008 at 12:48 PM, Greg Wooledge <wooledg (at) eeg.ccf (dot) org> wrote:
> On Thu, Jul 24, 2008 at 06:24:20PM -0500, D M wrote:
>> Yeah, I thought maybe permissions, but I also adjusted those. This is
>> what's really strange; look at the output of this:
>>
>> #ls -la /etc
>> total 900
>> drwxr-xr-x 3 0 0 4096 Jul 24 17:04 .
>> drwxr-xr-x 17 0 0 4096 Jul 22 17:00 ..
>> -rw-r--r-- 1 0 0 11 Jul 22 17:00 group
>
>> it doesn't even seem to be able to translate the name/groups in the
>> directory listing.
>
> ls calls upon getpwuid() to convert the numeric UID and GID into
> human-readable names like "root". getpwuid() and friends are libc
> functions that use OS-specific methods to do the lookups.
>
> On most modern systems, it will look for /etc/nsswitch.conf first, and
> that will tell it what overall scheme is being used for the mapping
> (NIS, NIS+, regular passwd files, etc.). Based on that, it will consult
> the appropriate scheme's resources (/etc/passwd, or open a connection to
> ypbind, or whatever) to get the actual answers.
>
> So, as others have already said, you need to ensure that the following
> files exist and are readable WITHIN the chroot jail:
>
> /etc/nsswitch.conf
> /etc/passwd
> /etc/group
>
> There may or may not be others, depending on your OS and how you
> configured things. For example, on Linux, you might also need an
> /etc/shadow file. On OpenBSD, you might also need an /etc/master.passwd
> file which is then converted into an /etc/pwd.db file. And so on.
>
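
An added example, not part of the original thread: a shell audit of a jail for the three files Greg lists, checking that each exists and is world-readable. It goes one step beyond the thread by also looking for the lookup module behind each source named in nsswitch.conf; that step assumes a glibc system where every NSS source is a separate libnss_<source>.so.* library. The function names are hypothetical helpers.

```shell
#!/bin/sh
# Added example: audit a chroot jail for what getpwuid()/getgrgid() need.
# Assumption (not stated in the thread): glibc-style NSS, where each source
# in nsswitch.conf is loaded from libnss_<source>.so.* inside the jail.

# nss_sources JAIL DB -> prints the sources configured for DB (passwd, group)
nss_sources() {
    # Strip comments, pick the DB line, skip action items such as [NOTFOUND=return].
    sed -e 's/#.*//' "$1/etc/nsswitch.conf" 2>/dev/null |
        awk -v db="$2:" '$1 == db { for (i = 2; i <= NF; i++) if ($i !~ /=/) print $i }'
}

# check_jail_nss JAIL -> returns 0 if nothing is missing, 1 otherwise
check_jail_nss() {
    jail=$1
    missing=0
    # The jailed user is not root, so the files need the world-read bit.
    for f in etc/nsswitch.conf etc/passwd etc/group; do
        if [ ! -f "$jail/$f" ]; then
            echo "MISSING    /$f"; missing=1
        elif [ -z "$(find "$jail/$f" -perm -004)" ]; then
            echo "UNREADABLE /$f (no world-read bit)"; missing=1
        fi
    done
    # Each configured source needs its module under one of the jail's library dirs.
    for src in $( { nss_sources "$jail" passwd; nss_sources "$jail" group; } | sort -u); do
        found=$(find "$jail/lib" "$jail/lib64" "$jail/usr/lib" "$jail/usr/lib64" \
                     -name "libnss_$src.so*" 2>/dev/null | head -n 1)
        if [ -n "$found" ]; then
            echo "OK         libnss_$src -> ${found#"$jail"}"
        else
            echo "MISSING    libnss_$src.so.* (source '$src' in nsswitch.conf)"; missing=1
        fi
    done
    return $missing
}

# Usage: sh check_jail.sh /path/to/jail
if [ $# -gt 0 ]; then
    check_jail_nss "$1"
fi
```

On glibc builds that compile the "files" source into libc itself, a MISSING line for libnss_files is expected and harmless.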

Re: Can't run whoami(id -un) inside chroot jail using openssh native jail support Jul 29 2008 08:12AM
Vladimir Levijev (vladimir levijev gmail com) (1 replies)
Re: Can't run whoami(id -un) inside chroot jail using openssh native jail support Jul 24 2008 07:41PM
Vladimir Levijev (vladimir levijev gmail com)
Copyright 2008, SecurityFocus