Saugumo paranoja arba Chroot Shell
Tiems, kas krapštosi su OpenBSD. Iš programerio daraus adminu :(
vi /bin/chroot-shell
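#!/bin/sh
# Login shell for jailed accounts: hands the session over to a shell running
# inside the caller's own directory under /home/chrooted.
#
# NOTE(review): sudo runs chroot as root, and with no user switch the shell
# started inside the jail is a root shell; chroot on its own is not a
# boundary for uid 0. OpenBSD chroot(8) has a -u option to drop to a user
# before running the command; adopting it means changing this command line
# and the matching sudoers entry together, since sudo matches the arguments.

# Take the account name from the process credentials instead of $USER from
# the environment, and quote it so it always stays one path argument.
user=$(id -un) || exit 1

# exec so no wrapper shell is left behind once the jailed shell is running.
exec sudo /usr/sbin/chroot "/home/chrooted/$user" /bin/sh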
# Make the wrapper executable so it can be used as a login shell.
# NOTE(review): this file is run at every login and calls sudo; confirm with
# `ls -l /bin/chroot-shell` that it is owned by root and not writable by
# group or others.
chmod +x /bin/chroot-shell
vi /etc/shells
pridedam
/bin/chroot-shell
# Create the jailed account with the wrapper as its login shell, so each
# login ends up in /bin/chroot-shell.
# NOTE(review): -d /tmp makes the world-writable /tmp this account's home
# directory. Anything a login service reads from the home directory would
# then sit where other local users can create files; a root-owned directory
# the account cannot write to is a safer choice. Confirm what reads $HOME
# on this host.
useradd -d /tmp -s /bin/chroot-shell usern
# Set the account's password. Written on the page as "passwd: usern";
# presumably the command is `passwd usern`, to be confirmed.
passwd: usern
# Build the jail skeleton for usern: the jail root plus bin, dev and etc.
jail=/home/chrooted/usern
mkdir "$jail"
for sub in bin dev etc; do
  mkdir "$jail/$sub"
done

# Mode 0511 (r-x--x--x) on every entry directly under the jail root.
chmod 0511 "$jail"/*

# Copy in the shell and the few file utilities that will exist in the jail.
for tool in sh ls ln cp mv rm; do
  cp "/bin/$tool" "$jail/bin"
done
labai smagu, kad šitie binarikai nenaudoja jokių libų, kitaip
tektų darkytis su ldd
# Create character device nodes named null and tty inside the jail, then
# make everything under dev readable and writable by all users.
# NOTE(review): both nodes are created with the same numbers (c 1 0), so
# "null" and "tty" end up pointing at the same device and one of them is
# wrong. Device numbers are platform-specific: take each major/minor pair
# from `ls -l /dev/null /dev/tty` on the host before running these.
mknod /home/chrooted/usern/dev/null c 1 0
mknod /home/chrooted/usern/dev/tty c 1 0
chmod 0666 /home/chrooted/usern/dev/*
testuojam chroot /home/chrooted/usern/ /bin/sh
veikia!
exit
# Seed the jail's etc with copies of the host's account databases; the
# copies are trimmed by hand in the next steps.
# NOTE(review): master.passwd holds the password hashes of every host
# account, so until it is edited the full set sits inside the jail. The
# trimmed file on this page still keeps hash fields for root and usern.
# Nothing shown here authenticates inside the jail, so those fields can
# presumably be replaced with `*`. Confirm, and check that the copy is
# readable by root only.
cp /etc/group /home/chrooted/usern/etc
cp /etc/passwd /home/chrooted/usern/etc
cp /etc/master.passwd /home/chrooted/usern/etc
patvarkom /home/chrooted/usern/etc/group (kopiją chroot'e, ne sisteminį failą), kad liktų tik
wheel:*:0:root
users:*:10:
/home/chrooted/usern/etc/master.passwd irgi paliekam tik
root:blah_blah_blah:0:0:0:/:/bin/sh
usern:blah_blah_blah:1006:10::/:/bin/sh
pwd_mkdb -d /home/chrooted/usern/etc /home/chrooted/usern/etc/master.passwd
visudo
# Lets usern run exactly this command line through sudo without a password
# prompt. No run-as user is given, so sudo's default target user applies
# (root unless configured otherwise).
# NOTE(review): the /bin/sh started by this rule therefore runs as root
# inside the jail, and chroot alone does not confine uid 0. OpenBSD
# chroot(8) has a -u option to drop to a user; if it is added, the command
# in /bin/chroot-shell and the command in this rule must stay identical,
# because sudo matches the arguments.
usern ALL= NOPASSWD: /usr/sbin/chroot /home/chrooted/usern /bin/sh
viskas
Ole! Ole! Ole!