Package: rssh
Version: 2.3.2-2
Severity: normal
Tags: patch

The above script does not work due to the changed output of ldd with libc6 >= 2.3.4 (see #301455), wrong path definitions and some missing sockets in $jail_dir/dev. I attached a patch which fixes these problems.

Greetings,
Carsten.

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-xen-amd64
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

Versions of packages rssh depends on:
ii  debconf [debconf-2.0]  1.5.11etch1         Debian configuration management sy
ii  libc6                  2.3.6.ds1-13etch4   GNU C Library: Shared libraries
ii  openssh-server         1:4.3p2-9           Secure shell server, an rshd repla

rssh recommends no packages.

-- debconf information:
* rssh/secnote:
  rssh/update-10:
  rssh/update-config-pre-2.2:
* rssh/chroot_helper_setuid: true

*** mkchroot.sh.orig 2008-02-12 22:07:08.000000000 +0100 --- mkchroot.sh 2008-02-12 23:22:52.000000000 +0100 *************** *** 5,12 **** ## ## mkchroot.sh - set up a chroot jail. ## ! ## This script is written to work for Red Hat 8/9 systems, but may work on ! ## other systems. Or, it may not... In fact, it may not work at all. Use at ## your own risk. :) ## --- 5,12 ---- ## ## mkchroot.sh - set up a chroot jail. ## ! ## This script is written to work for Red Hat 8/9 systems, but was adapted to work on ! ## a Debian system. Or, it may not... In fact, it may not work at all. Use at ## your own risk. :) ## *************** *** 96,104 **** # copy SSH files scp_path="/usr/bin/scp" ! sftp_server_path="/usr/libexec/openssh/sftp-server" rssh_path="/usr/bin/rssh" ! chroot_helper_path="/usr/libexec/rssh_chroot_helper" for jail_path in `dirname "$jail_dir$scp_path"` `dirname "$jail_dir$sftp_server_path"` `dirname "$jail_dir$chroot_helper_path"`; do --- 96,104 ---- # copy SSH files scp_path="/usr/bin/scp" ! sftp_server_path="/usr/lib/openssh/sftp-server" rssh_path="/usr/bin/rssh" ! chroot_helper_path="/usr/lib/rssh/rssh_chroot_helper" for jail_path in `dirname "$jail_dir$scp_path"` `dirname "$jail_dir$sftp_server_path"` `dirname "$jail_dir$chroot_helper_path"`; do *************** *** 128,134 **** for prog in $scp_path $sftp_server_path $rssh_path $chroot_helper_path; do echo "Copying libraries for $prog." ! libs=`ldd $prog | tr -s ' ' | cut -d' ' -f3` for lib in $libs; do mkdir -p "$jail_dir$(dirname $lib)" echo -e "\t$lib" --- 128,134 ---- for prog in $scp_path $sftp_server_path $rssh_path $chroot_helper_path; do echo "Copying libraries for $prog." ! libs=`ldd $prog | sed 's/\(.*=>\)\?[[:blank:]]*\(.*\)[[:blank:]]*\((.*)\)/\2/;/^$/d'` for lib in $libs; do mkdir -p "$jail_dir$(dirname $lib)" echo -e "\t$lib" *************** *** 148,173 **** mkdir -p "$jail_dir/etc" cp /etc/nsswitch.conf "$jail_dir/etc/" cp /etc/passwd "$jail_dir/etc/" ! 
cp /etc/ld.* "$jail_dir/etc/" - echo -e "Chroot jail configuration completed." echo -e "\nNOTE: if you are not using the passwd file for authentication," echo -e "you may need to copy some of the /lib/libnss_* files into the jail.\n" ##################################################################### # ! # set up /dev/log # mkdir -p "$jail_dir/dev" echo -e "NOTE: you must MANUALLY edit your syslog rc script to start syslogd" echo -e "with appropriate options to log to $jail_dir/dev/log. In most cases," echo -e "you will need to start syslog as:\n" ! echo -e " /sbin/syslogd -a $jail_dir/dev/log\n" - echo -e "NOTE: we make no guarantee that ANY of this will work for you... \c" - echo -e "if it\ndoesn't, you're on your own. Sorry!\n" --- 148,176 ---- mkdir -p "$jail_dir/etc" cp /etc/nsswitch.conf "$jail_dir/etc/" cp /etc/passwd "$jail_dir/etc/" ! cp -r /etc/ld.* "$jail_dir/etc/" echo -e "\nNOTE: if you are not using the passwd file for authentication," echo -e "you may need to copy some of the /lib/libnss_* files into the jail.\n" ##################################################################### # ! # set up /dev/log and /dev/null # + echo -e "Setting up /dev in the chroot jail\n" mkdir -p "$jail_dir/dev" + cp -a /dev/log "$jail_dir/dev" + cp -a /dev/null "$jail_dir/dev" echo -e "NOTE: you must MANUALLY edit your syslog rc script to start syslogd" echo -e "with appropriate options to log to $jail_dir/dev/log. In most cases," echo -e "you will need to start syslog as:\n" ! echo -e " /sbin/syslogd -a $jail_dir/dev/log\n\n" + echo -e "Chroot jail configuration completed.\n" + echo -e "NOTE: we make no guarantee that ANY of this will work for you... \c" + echo -e "if it\ndoesn't, you're on your own. Sorry!\n"
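Review bot: in the hunk at lines 96-104, the new sftp_server_path and chroot_helper_path values replace the Red Hat locations outright, so the paths no longer match the systems the header comment still names first, and nothing verifies that the files exist before the jail is populated. Consider testing each of the four paths with test -x ahead of the copy loop and aborting with a message that names the missing binary, so a wrong path stops the script instead of leaving a half-built jail that rssh then fails inside.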
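Review bot: in the hunk at lines 128-134, the new sed expression only rewrites ldd lines that end in a parenthesised address, so any line without one (for example a "not found" entry) passes through unchanged and its words are split into $libs; a name with an address but no path is also kept as if it were a file. Both then reach mkdir -p "$jail_dir$(dirname $lib)" and the copy. Consider dropping every result that does not begin with a slash, for instance by appending `/^\//!d` to the sed script, and quoting "$prog" and "$lib". The optional group `\(.*=>\)\?` also relies on a GNU sed extension, which is worth a comment in a script whose header says it may be run on other systems.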
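Review bot: in the hunk at lines 148-176, cp -a /dev/log "$jail_dir/dev" copies a socket node that no process is listening on, so logging from inside the jail still depends on syslogd being started with -a $jail_dir/dev/log as the retained NOTE says; the copy can give the impression that the step is done. Consider removing that line or rewording the NOTE to say the socket only becomes usable once syslogd binds it. For /dev/null, creating the node explicitly with mknod and mode 666 documents the intended permissions instead of inheriting whatever the host node carries. The script also still copies the full /etc/passwd into the jail in the unchanged context line above; a reduced file holding only the jailed accounts would expose less to jailed users.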