[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Jailkit-users] Directory tree question

From: Olivier Sessink
Subject: Re: [Jailkit-users] Directory tree question
Date: Tue, 4 Nov 2008 16:55:48 +0100 (CET)
User-agent: SquirrelMail/1.4.13

> Hi All...
> I have been playing with jailkit and really like it, it's just what I
> need,
> thank you!
> I do have one concern though.  I created a scp and sftp only jail.  When I
> log in, I can move up above home and see /dev, /etc/ /home, /lib and /usr.
> I can not write to them, but I can see all the contents.
> Is this normal?  Is there a way to jail the user so that he can not move
> above his own home directory at all?

Jailkit puts a process in a "virtual" root. The process can see everything
in this virtual root, but nothing from the real system. The process
probably needs access to many of the files in the virtual root in order to
function properly (for example system libraries).

This is normal, and this is not considered a security threat. All the
files in the virtual root are available on any Linux install CD, so an
attacker cannot do anything nasty nor get any sensitive information with
access to these files. All interesting files on the real system are not
accessible by an attacker.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]