Re: [Jailkit-users] Using "rootsh" with jailkit
From: Olivier Sessink
Subject: Re: [Jailkit-users] Using "rootsh" with jailkit
Date: Thu, 30 Apr 2009 20:49:45 +0200
User-agent: Thunderbird 2.0.0.21 (X11/20090409)

Charley Marsh wrote:
> Thanks for the info and the fast response! Here's what I've done so far:
> I logged in with the jailed user, then started editing a file in vim.
> I found the PID of vim (26037).
> I found the directory for PID 26037 in /proc, and it does have a link
> named root that points to /xjail.
> I ran jk_list as root, and it still only lists the user "nobody" with
> the jail "user/sbin/jk_socketd".

hmm strange. sounds like a bug. the jk_list code is pretty simple, but
for some reason it doesn't work for you...

def runList(verbose,jail):
    # open /proc/
    results = []
    dirlist = os.listdir('/proc')
    try:
        for entry in dirlist:
            if (entry.isdigit()):
                # we have a process, now read the link root
                ret = os.readlink('/proc/'+entry+'/root')
                if (ret != '/'):
                    results.append(ListResult(entry))
    except OSError, e:
        if (e.errno == 13):
            print 'Permission denied'
    return results

> Here is the line for this user in the /etc/passwd file outside of the jail:
> presley:x:704:704::/xjail/./home/presley:/usr/sbin/jk_chrootsh
> And here is the /etc/passwd line inside the jail:
> presley:x:704:704::/home/presley:/bin/bash
> I was attempting to launch rootsh from the /etc/profile file in the
> jail, but that particular program is complaining that it can't resolve
> which user launched it.
> I don't know if this is what is causing this or not, but I am using
> pam_radius to authenticate users who login through SSH.

the nsswitch.conf in the jail, does it also use radius? if so, is the
radius configuration also in the jail? this could explain why programs
in the jail cannot resolve the user.
regards,
Olivier
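
Added example, not part of the original message or the jailkit source: in the loop quoted above a single try wraps the whole /proc scan, so the first OSError other than errno 13 ends the listing with no message. The Python 3 code below contrasts that control flow with per-PID error handling on a constructed fake /proc tree; the function names, the sorted traversal and the sample PIDs 100 and 200 are assumptions, while 26037 and /xjail are taken from the thread.

```python
import errno
import os
import tempfile


def build_sample_proc():
    """Constructed stand-in for /proc: pid -> target of its 'root' link."""
    base = tempfile.mkdtemp(prefix="fakeproc-")
    # None models a process that exited between listdir() and readlink().
    sample = {"100": "/", "200": None, "26037": "/xjail"}
    for pid, root in sample.items():
        os.mkdir(os.path.join(base, pid))
        if root is not None:
            os.symlink(root, os.path.join(base, pid, "root"))
    os.mkdir(os.path.join(base, "self"))  # non-numeric entry, ignored
    return base


def list_single_try(proc="/proc"):
    """Same control flow as the posted loop: one try around the whole scan."""
    results = []
    try:
        for entry in sorted(os.listdir(proc)):  # sorted only for determinism
            if entry.isdigit():
                ret = os.readlink(os.path.join(proc, entry, "root"))
                if ret != "/":
                    results.append((int(entry), ret))
    except OSError as e:
        if e.errno == errno.EACCES:  # errno 13
            print("Permission denied")
    return results


def list_per_pid(proc="/proc"):
    """Handle errors per process so one failure cannot hide later PIDs."""
    results, skipped = [], []
    for entry in sorted(os.listdir(proc)):
        if not entry.isdigit():
            continue
        try:
            ret = os.readlink(os.path.join(proc, entry, "root"))
        except OSError as e:
            skipped.append((int(entry), errno.errorcode.get(e.errno, str(e.errno))))
            continue
        if ret != "/":
            results.append((int(entry), ret))
    return results, skipped
```

Run as root against the real /proc, list_per_pid() also returns the PIDs it could not read, which shows whether the scan was cut short.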