Displaying 20 results from an estimated 70000 matches similar to: "No subject"
2004 Aug 06
0
[PATCH] Configurable privileges and chroot jail
Hi,
This patch (against the current CVS tree) is intended to add secure
configuration to icecast 'out of the box'. It adds two configuration
directives, 'icecast_user' and 'chroot_dir'. These are intended to be
used together to reduce the privileges icecast runs under to the
minimum necessary. When this is enabled and run as root icecast will
enter the specified chroot
2003 Apr 15
1
PATCH allow_zero_gid option
Hey,
Well, that was easy :-) Patch against CVS follows:
Summary:
Created a boolean option allow_zero_gid, when set to yes it will allow
logins from users whose group id is zero. Tested with KMail 3.1.1 on
FreeBSD 4.8. I'm not sure if my method for passing the boolean via the
environment is correct, it looks a little on the ugly side.
Index: src/lib/restrict-access.c
1997 May 08
0
Re: root in a chroot jail (was: Buffer Overflows: A Summary)
Martin Pool wrote:
>
> > From: Stefan Monnier <monnier+/news/lists/linux/security@TEQUILA.SYSTEMSZ.CS.YALE.EDU>
> > Date: 05 May 1997 12:23:05 -0400
>
> > [mod: Yes. One "catchall" would be to modify "suser()" to return
> > (uid==0) && (current->root == THE_ROOT). That would make a uid==0 in a
> > chrooted environment just
2004 Sep 15
3
FW: Tip: using icecast in chroot mode may break timestamp inaccess.log
Please post to the mailing list the next time Ralf.
I'm not using yp directory listings, but I can guess why it is not working.
You're probably missing the libcurl.so library in your chroot jail
directories. Here's the listing of files I have in the chroot jail:
-----%< cut here
> ls -R
.:
admin etc lib opt usr var web
./admin:
listclients.xsl listmounts.xsl
1997 May 05
0
Re: Re: Re: Buffer Overflows: A Summary
In article <Pine.LNX.3.95.970503190235.5733A-100000@puck.nether.net>,
Myles Uyema <linux-security@redhat.com> wrote:
> [mod: But from reading the source I think you don''t need a /dev entry
> to remount the partition without the nodev. Moreover you could MAKE
> the /dev entry and use that if it were necessary. But that is not the
> issue. The issue is that a
2008 Nov 03
2
reloading configuration in icecast chroot jail on a redhat system
Hi,
Over the weekend I decided to create an icecast relay for Nicecast. I wanted
this to run in a
chroot jail on a redhat server. There did not seem to be much on the web
about setting this up;
I'm including some details here. This is my first encounter with icecast;
I'm hoping to
elicit comments and criticism (e.g., if my post is too long).
First, there did not seem to be a startup
2004 Aug 06
2
Placing Icecast in a chroot jail
On Thu, 2002-12-19 at 01:30, msmith@labyrinth.net.au wrote:
> Alan Silvester <mascdman@shaw.ca> said:
>
> > Hi,
> >
> > (Sorry for the long email)
> >
> > As a bit of a learning exercise, I'm trying to place the icecast daemon
> > in a chroot jail. I've been mostly sucessful: I can get icecast to
> > serve the default stream from
2004 Aug 06
2
Placing Icecast in a chroot jail
Hi,
(Sorry for the long email)
As a bit of a learning exercise, I'm trying to place the icecast daemon
in a chroot jail. I've been mostly sucessful: I can get icecast to
serve the default stream from its jail, however I can't get multiple
streams to work.
I think the problem is that icecast can't resolve addresses in the jail,
however I do have an etc/hosts file and
2004 Sep 18
2
TIP: using icecast in chroot mode with YP announcing
> Klaas Jan Wierenga wrote:
>
> > I'm not using yp directory listings, but I can guess why it is not
> > working.
> > You're probably missing the libcurl.so library in your chroot jail
> > directories. Here's the listing of files I have in the chroot jail:
>
> Definitely not, I rebuilt the whole lib structure i got from
> ldd in my chroot But
2006 Sep 08
2
URL authentication
Does your instance of icecast have CURL support compiled in? Without it
authentication doesn't work I think. Furthermore, if you're running
icecast in a chroot jail then you need to make sure the curl shared
libraries are installed in the chroot jail as well.
Regards,
KJ
Peter Bengtson wrote:
> The icecast server isn't on a Mac, it just connects to a Mac for the
>
2001 Apr 09
0
Running 'ssh' and 'scp' from a chroot jail (sandbox)
I have a need to have users SSH into a server where they are limited to a
chroot jail (sandbox). Once they are there, they need to be able to execute
'ssh' and 'scp' to other systems.
I've no problem setting up the basic chroot jail and providing basic
functionality (ls, cat, less, etc). The part that is stopping me is setting
it up so that that user can then 'ssh'
2008 Jan 13
1
Can TFTPD run in a chroot jail?
Hi,
I've been struggling with this problem for the last couple of hours and am
nowhere near solving the problem. I am trying to run a tftp server in a
chroot jail. Now perhaps I am being paranoid, but I would like to have it
launched from within its own jail even if it supposedly does a chroot itself
and runs with a parameterizable user.
I downloaded the atftp-server package and tried
2004 Feb 27
0
FreeBSD Security Advisory FreeBSD-SA-04:03.jail
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-04:03.jail Security Advisory
The FreeBSD Project
Topic: Jailed processes can attach to other jails
Category: core
Module: kernel
Announced:
2004 Feb 27
0
FreeBSD Security Advisory FreeBSD-SA-04:03.jail
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-04:03.jail Security Advisory
The FreeBSD Project
Topic: Jailed processes can attach to other jails
Category: core
Module: kernel
Announced:
2004 Jun 19
0
security flaw in rssh
rssh is a small shell whose purpose is to restrict users to using scp
or sftp, and also provides the facilities to place users in a chroot
jail. It can also be used to lock users out of a system completely.
William F. McCaw identified a minor security flaw in rssh when used
with chroot jails.
There is a bug in rssh 2.0 - 2.1.x which allows a user to gather
information outside of a chrooted jail
2005 Jan 22
3
EROR: no DNS
Michael Smith wrote:
> As you've found out, you do need a lot of stuff on modern systems (you
> didn't say what OS you were using, though) to get a working resolver.
Grumpf. Linking is a fine thing for space economy, but for chroot
I wish everything was static and monolithic and self-contained.
> You should be able to find some info with a web search - just don't
> make
1997 May 03
3
Re: Buffer Overflows: A Summary
-----BEGIN PGP SIGNED MESSAGE-----
> Date: Fri, 2 May 1997 12:33:00 -0500
> From: "Thomas H. Ptacek" <tqbf@ENTERACT.COM>
> On almost all Unix operating systems, having superuser access in a
> chroot() jail is still dangerous. In some recent revisions of 4.4BSD
> operating systems, root can trivially escape chroot(), as well.
I was thinking about possible attacks
2007 Feb 28
0
FreeBSD Errata Notice FreeBSD-EN-07:03.rc.d_jail
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-EN-07:03.rc.d_jail Errata Notice
The FreeBSD Project
Topic: rc.d jail script interface IP alias removal
Category: core
Module: etc_rc.d
Announced:
2007 Jan 11
0
FreeBSD Security Advisory FreeBSD-SA-07:01.jail
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-07:01.jail Security Advisory
The FreeBSD Project
Topic: Jail rc.d script privilege escalation
Category: core
Module: etc_rc.d
Announced:
2007 Aug 01
0
FreeBSD Security Advisory FreeBSD-SA-07:01.jail [REVISED]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-07:01.jail Security Advisory
The FreeBSD Project
Topic: Jail rc.d script privilege escalation
Category: core
Module: etc_rc.d
Announced: