similar to: No subject

Hi, This patch (against the current CVS tree) is intended to add secure configuration to icecast 'out of the box'. It adds two configuration directives, 'icecast_user' and 'chroot_dir'. These are intended to be used together to reduce the privileges icecast runs under to the minimum necessary. When this is enabled and run as root icecast will enter the specified chroot

Hey, Well, that was easy :-) Patch against CVS follows: Summary: Created a boolean option allow_zero_gid, when set to yes it will allow logins from users whose group id is zero. Tested with KMail 3.1.1 on FreeBSD 4.8. I'm not sure if my method for passing the boolean via the environment is correct, it looks a little on the ugly side. Index: src/lib/restrict-access.c

Martin Pool wrote: > > > From: Stefan Monnier <monnier+/news/lists/linux/security@TEQUILA.SYSTEMSZ.CS.YALE.EDU> > > Date: 05 May 1997 12:23:05 -0400 > > > [mod: Yes. One "catchall" would be to modify "suser()" to return > > (uid==0) && (current->root == THE_ROOT). That would make a uid==0 in a > > chrooted environment just

Please post to the mailing list the next time Ralf. I'm not using yp directory listings, but I can guess why it is not working. You're probably missing the libcurl.so library in your chroot jail directories. Here's the listing of files I have in the chroot jail: -----%< cut here > ls -R .: admin etc lib opt usr var web ./admin: listclients.xsl listmounts.xsl

In article <Pine.LNX.3.95.970503190235.5733A-100000@puck.nether.net>, Myles Uyema <linux-security@redhat.com> wrote: > [mod: But from reading the source I think you don''t need a /dev entry > to remount the partition without the nodev. Moreover you could MAKE > the /dev entry and use that if it were necessary. But that is not the > issue. The issue is that a

Hi, Over the weekend I decided to create an icecast relay for Nicecast. I wanted this to run in a chroot jail on a redhat server. There did not seem to be much on the web about setting this up; I'm including some details here. This is my first encounter with icecast; I'm hoping to elicit comments and criticism (e.g., if my post is too long). First, there did not seem to be a startup

On Thu, 2002-12-19 at 01:30, msmith@labyrinth.net.au wrote: > Alan Silvester <mascdman@shaw.ca> said: > > > Hi, > > > > (Sorry for the long email) > > > > As a bit of a learning exercise, I'm trying to place the icecast daemon > > in a chroot jail. I've been mostly sucessful: I can get icecast to > > serve the default stream from

Hi, (Sorry for the long email) As a bit of a learning exercise, I'm trying to place the icecast daemon in a chroot jail. I've been mostly sucessful: I can get icecast to serve the default stream from its jail, however I can't get multiple streams to work. I think the problem is that icecast can't resolve addresses in the jail, however I do have an etc/hosts file and

> Klaas Jan Wierenga wrote: > > > I'm not using yp directory listings, but I can guess why it is not > > working. > > You're probably missing the libcurl.so library in your chroot jail > > directories. Here's the listing of files I have in the chroot jail: > > Definitely not, I rebuilt the whole lib structure i got from > ldd in my chroot But

Does your instance of icecast have CURL support compiled in? Without it authentication doesn't work I think. Furthermore, if you're running icecast in a chroot jail then you need to make sure the curl shared libraries are installed in the chroot jail as well. Regards, KJ Peter Bengtson wrote: > The icecast server isn't on a Mac, it just connects to a Mac for the >

I have a need to have users SSH into a server where they are limited to a chroot jail (sandbox). Once they are there, they need to be able to execute 'ssh' and 'scp' to other systems. I've no problem setting up the basic chroot jail and providing basic functionality (ls, cat, less, etc). The part that is stopping me is setting it up so that that user can then 'ssh'

Hi, I've been struggling with this problem for the last couple of hours and am nowhere near solving the problem. I am trying to run a tftp server in a chroot jail. Now perhaps I am being paranoid, but I would like to have it launched from within its own jail even if it supposedly does a chroot itself and runs with a parameterizable user. I downloaded the atftp-server package and tried

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-04:03.jail Security Advisory The FreeBSD Project Topic: Jailed processes can attach to other jails Category: core Module: kernel Announced:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-04:03.jail Security Advisory The FreeBSD Project Topic: Jailed processes can attach to other jails Category: core Module: kernel Announced:

rssh is a small shell whose purpose is to restrict users to using scp or sftp, and also provides the facilities to place users in a chroot jail. It can also be used to lock users out of a system completely. William F. McCaw identified a minor security flaw in rssh when used with chroot jails. There is a bug in rssh 2.0 - 2.1.x which allows a user to gather information outside of a chrooted jail

Michael Smith wrote: > As you've found out, you do need a lot of stuff on modern systems (you > didn't say what OS you were using, though) to get a working resolver. Grumpf. Linking is a fine thing for space economy, but for chroot I wish everything was static and monolithic and self-contained. > You should be able to find some info with a web search - just don't > make

-----BEGIN PGP SIGNED MESSAGE----- > Date: Fri, 2 May 1997 12:33:00 -0500 > From: "Thomas H. Ptacek" <tqbf@ENTERACT.COM> > On almost all Unix operating systems, having superuser access in a > chroot() jail is still dangerous. In some recent revisions of 4.4BSD > operating systems, root can trivially escape chroot(), as well. I was thinking about possible attacks

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-EN-07:03.rc.d_jail Errata Notice The FreeBSD Project Topic: rc.d jail script interface IP alias removal Category: core Module: etc_rc.d Announced:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-07:01.jail Security Advisory The FreeBSD Project Topic: Jail rc.d script privilege escalation Category: core Module: etc_rc.d Announced:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-07:01.jail Security Advisory The FreeBSD Project Topic: Jail rc.d script privilege escalation Category: core Module: etc_rc.d Announced: