OpenSSH

Daniel Roethlisberger daniel at roe.ch
Wed Jun 26 15:06:09 PDT 2002


On a sidenote, I've been using privsep on multiple boxen since it
hit the stable portable releases, and it works just fine for me.
As for doing harm to the system when compromised with privsep, if
someone knows of some way to actually become root or break out of
the chroot in some way, please speak up. Creating device files is
not possible if the chroot root dir is correctly owned by root and
has mode 755 or similar. And without the ability to create any
files (real ones or devices, whatever) there seems very little you
can actually do to harm the system. But please do correct me if
I'm wrong.

Cheers,
Dan


-- 
   Daniel Roethlisberger <daniel at roe.ch>
   PGP Key ID 0x8DE543ED with fingerprint
   6C10 83D7 2BB8 D908 10AE  7FA3 0779 0355 8DE5 43ED

-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-security' in the subject header of the message



More information about the lfs-security mailing list