Re: [Jailkit-users] chroot support for freenx-server

jailkit-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Jailkit-users] chroot support for freenx-server

From:	Hi
Subject:	Re: [Jailkit-users] chroot support for freenx-server
Date:	Thu, 20 Mar 2008 10:48:11 -0700 (PDT)

I beleive I got lucky finding the right sshd pid to
attach to.  Here is some output that you may see
similarities in from your past work.  This is the
first time I've looked at it.  This transpired from
the second I clicked Login on the client until it
exited without success.  Both the user and nx have
/bin/bash in jail.

address@hidden ~]# tail -f /tmp/trace-all.1837
select(7, [3 4], NULL, NULL, NULL)      = 1 (in [3])
accept(3, {sa_family=AF_INET, sin_port=htons(4934),
sin_addr=inet_addr("68.149.246.185")}, [16]) = 5
fcntl64(5, F_GETFL)                     = 0x2 (flags
O_RDWR)
pipe([6, 7])                            = 0
socketpair(PF_FILE, SOCK_STREAM, 0, [8, 9]) = 0
clone(child_stack=0,
flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD,
child_tidptr=0xb7fd5918) = 21347
close(7)                                = 0
write(8, "\0\0\2t\0", 5)                = 5
write(8, "\0\0\2k\n\n\n\n\n\n\n\n\n\n\n\nPort 22\nPort
69\n"..., 627) = 627
close(8)                                = 0
close(9)                                = 0
close(5)                                = 0
select(7, [3 4 6], NULL, NULL, NULL)                  
             = 1 (in [6])
close(6)     = 0
select(7, [3 4], NULL, NULL, NULL) = 1 (in [3])
accept(3, {sa_family=AF_INET, sin_port=htons(36493),
sin_addr=inet_addr("127.0.0.1")}, [16]) = 5
fcntl64(5, F_GETFL)                     = 0x2 (flags
O_RDWR)
pipe([6, 7])                            = 0
socketpair(PF_FILE, SOCK_STREAM, 0, [8, 9]) = 0
clone(child_stack=0,
flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD,
child_tidptr=0xb7fd5918) = 21401
close(7)                                = 0
write(8, "\0\0\2t\0", 5)                = 5
write(8, "\0\0\2k\n\n\n\n\n\n\n\n\n\n\n\nPort 22\nPort
69\n"..., 627) = 627
close(8)                                = 0
close(9)                                = 0
close(5)                                = 0
select(7, [3 4 6], NULL, NULL, NULL)                  
             = 1 (in [6])
close(6)     = 0
select(7, [3 4], NULL, NULL, NULL) = ? ERESTARTNOHAND
(To be restarted)
--- SIGCHLD (Child exited) @ 0 (0) ---
waitpid(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}],
WNOHANG) = 21401
waitpid(-1, 0xbfe3c148, WNOHANG)        = 0
rt_sigaction(SIGCHLD, NULL, {0x800077d0, [], 0}, 8) =
0
sigreturn()                             = ? (mask now
[])
select(7, [3 4], NULL, NULL, NULL) = 1 (in [3])
accept(3, {sa_family=AF_INET, sin_port=htons(36495),
sin_addr=inet_addr("127.0.0.1")}, [16]) = 5
fcntl64(5, F_GETFL)                     = 0x2 (flags
O_RDWR)
pipe([6, 7])                            = 0
socketpair(PF_FILE, SOCK_STREAM, 0, [8, 9]) = 0
clone(child_stack=0,
flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD,
child_tidptr=0xb7fd5918) = 21565
close(7)                                = 0
write(8, "\0\0\2t\0", 5)                = 5
write(8, "\0\0\2k\n\n\n\n\n\n\n\n\n\n\n\nPort 22\nPort
69\n"..., 627) = 627
close(8)                                = 0
close(9)                                = 0
close(5)                                = 0
select(7, [3 4 6], NULL, NULL, NULL)                  
             = 1 (in [6])
close(6)     = 0
select(7, [3 4], NULL, NULL, NULL) = ? ERESTARTNOHAND
(To be restarted)
--- SIGCHLD (Child exited) @ 0 (0) ---
waitpid(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}],
WNOHANG) = 21565
waitpid(-1, 0xbfe3c148, WNOHANG)        = 0
rt_sigaction(SIGCHLD, NULL, {0x800077d0, [], 0}, 8) =
0
sigreturn()                             = ? (mask now
[])
select(7, [3 4], NULL, NULL, NULL) = ? ERESTARTNOHAND
(To be restarted)
--- SIGCHLD (Child exited) @ 0 (0) ---
waitpid(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}],
WNOHANG) = 21347
waitpid(-1, 0xbfe3c148, WNOHANG)        = 0
rt_sigaction(SIGCHLD, NULL, {0x800077d0, [], 0}, 8) =
0
sigreturn()                             = ? (mask now
[])
select(7, [3 4], NULL, NULL, NULL
address@hidden ~]#                

--- Olivier Sessink <address@hidden>
wrote:

> Hi wrote:
> >  As it is using /bin/bash with the Jailkit
> > user is not secure and I still dont' have working
> > jk_lsh.ini and jk_chrootsh.ini [DEFAULT]
> > configurations.
> 
> I think freenx requires bash as shell. AFAIK it
> won't work with other 
> shells, especially not a shell that denies almost
> every command like jk_lsh.
> 
> jk_lsh is not designed to be a fully compatible
> shell that understands 
> constructs like * {} ? && or ||
> 
> regards,
>       Olivier
> 
> 
> _______________________________________________
> Jailkit-users mailing list
> address@hidden
>
http://lists.nongnu.org/mailman/listinfo/jailkit-users
> 



      
____________________________________________________________________________________
Be a better friend, newshound, and 
know-it-all with Yahoo! Mobile.  Try it now.  
http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ

[Prev in Thread]

Current Thread

[Next in Thread]

[Jailkit-users] chroot support for freenx-server, Hi, 2008/03/18
- [Jailkit-users] still proving chroot for freenx, Hi, 2008/03/19
  - Re: [Jailkit-users] still proving chroot for freenx, Olivier Sessink, 2008/03/20
- Re: [Jailkit-users] chroot support for freenx-server, Olivier Sessink, 2008/03/20
  - Re: [Jailkit-users] chroot support for freenx-server, Hi <=
    - Re: [Jailkit-users] chroot support for freenx-server, Olivier Sessink, 2008/03/21

Prev by Date: Re: [Jailkit-users] jk_chrootsh.ini not working
Next by Date: Re: [Jailkit-users] chroot support for freenx-server
Previous by thread: Re: [Jailkit-users] chroot support for freenx-server
Next by thread: Re: [Jailkit-users] chroot support for freenx-server
Index(es):
- Date
- Thread