From owner-FreeBSD-users-jp@jp.freebsd.org  Wed Oct 28 12:08:40 1998
Received: by jaz.jp.freebsd.org (8.9.1+3.1W/8.7.3) id MAA16239;
	Wed, 28 Oct 1998 12:08:40 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from mail.nanet.co.jp (ns.nanet.co.jp [210.164.52.3])
	by jaz.jp.freebsd.org (8.9.1+3.1W/8.7.3) with ESMTP id MAA16233
	for <FreeBSD-users-jp@jp.freebsd.org>; Wed, 28 Oct 1998 12:08:38 +0900 (JST)
	(envelope-from kei@nanet.co.jp)
Received: from nanet.co.jp (nonnoko.nanet.co.jp [210.164.52.131])
	by mail.nanet.co.jp (8.8.8/3.7W-nanet.ns.1998102014) with ESMTP id MAA21662;
	Wed, 28 Oct 1998 12:08:37 +0900 (JST)
Message-ID: <36368AB4.4BF4B41E@nanet.co.jp>
Date: Wed, 28 Oct 1998 12:08:36 +0900
From: Katsuyuki Maeda <kei@nanet.co.jp>
Organization: Nagasaki Network Service, Co.Ltd.
X-Mailer: Mozilla 4.06 [ja] (Win95; I)
MIME-Version: 1.0
To: FreeBSD-users-jp@jp.freebsd.org
References: <199810270905.SAA03722@srapc342.sra.co.jp>
Content-Type: text/plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Reply-To: FreeBSD-users-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+980914
X-Sequence: FreeBSD-users-jp 34550
Subject: [FreeBSD-users-jp 34550] Re: Remote backup
Errors-To: owner-FreeBSD-users-jp@jp.freebsd.org
Sender: owner-FreeBSD-users-jp@jp.freebsd.org

$B!!A0ED!w(Bnanet$B$G$9!#(B

Noriyuki Soda wrote:
> I think one approach is to make the backup user's login shell a program
> that calls chroot(2) and then execs the real shell.

Thank you very much!!
I thought this was a very nice approach, so I tried it right away.

The program I wrote:
-------- chrootsh.c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <sys/types.h>
#include <pwd.h>

#define EXEC_SHELL      "/bin/sh"

int main(int argc, char **argv)
{
        uid_t uid;
        struct passwd *pwent;
        char *shell;

        if (geteuid()) {
                (void) fprintf(stderr, "chrootsh: must set uid root.\n");
                exit(1);
        }
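        uid = getuid();
        pwent = getpwuid(uid);
        if (!pwent) {
                (void) fprintf(stderr, "chrootsh: getpwuid failed.\n");
                exit(1);
        }
        /* Enter the home directory first; do not continue if that fails. */
        if (chdir(pwent->pw_dir)) {
                (void) fprintf(stderr, "chrootsh: can't chdir to home.\n");
                exit(1);
        }
        if (chroot(pwent->pw_dir)) {
                (void) fprintf(stderr, "chrootsh: chroot failed.\n");
                exit(1);
        }
        /* Make sure the working directory is inside the new root. */
        if (chdir("/")) {
                (void) fprintf(stderr, "chrootsh: can't chdir to new root.\n");
                exit(1);
        }
        /* Drop root for good (real, effective and saved uid) and check it. */
        if (setuid(uid)) {
                (void) fprintf(stderr, "chrootsh: setuid failed.\n");
                exit(1);
        }
        /* argv is passed through so that "-c command" from rsh still works. */
        execv(EXEC_SHELL, argv);
        (void) fprintf(stderr, "chrootsh: exec shell failed.\n");
        exit(1);
}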
--------
$B!!$3$l$r(B cc $B$7$F!"(B/root/bin $B$K$G$bCV$$$F!"(B
  chown root:operator chrootsh
  chmod 4710 chrootsh

$B!!(Btape$B$N%"%+%&%s%H$r:n$j$^$9!#(B
  tape:*:888:5::0:0:tape:/root/tape:/root/bin/chrootsh
This user must belong to operator.

$B!!(B/root/tape/bin $B$K(B sh$B$r:n$j$^$9!#(B
  ln /bin/sh . $B$H$7$F%O!<%I%j%s%/$9$k$+%3%T!<$7$F2<$5$$!#(B
$B!!%7%s%\%j%C%/%j%s%/$G$OBLL\$G$9!#(B
$B!!F1MM$K$7$F!"(B/root/tape/usr/sbin $B$K(B rmt $B$r:n$j$^$9!#(B
$B%G%P%$%9$,JL$K$J$k>l9g$O!"%O!<%I%j%s%/$b;H$($J$$$N$GCm0U$7$^$9!#(B

Create the device files.
  mkdir /root/tape/dev
  cd /dev/
  tar cvf - nrst* | (cd /root/tape/dev; tar xvfp -)

$B!!(B/root/tape $B$K(B .rhosts $B$rMQ0U$7!"I,MW$J%[%9%H$N(B root$B$X(B
rsh$B$r5v$9$h$&$K$7$^$9!#(B

With the above, remote backups are now possible without handing over
full access.

I would like to tidy this up a little more and post it to QandA, so please
point out any problems.

--
Nagasaki Network Service (http://www.nanet.co.jp/)
 kei@nanet.co.jp <Katsuyuki Maeda> (http://www.nanet.co.jp/~kei/)
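
A check of the jail layout described in the message above, as an added example that is not part of the original post. The function name audit_jail and its output format are assumptions; the paths checked are the ones the post sets up under /root/tape.

```shell
#!/bin/sh
# Added example: audit a chroot jail laid out as in the post.
# Usage: audit_jail /root/tape
# Prints one line per finding; the return status is the number of findings.
audit_jail() {
    jail=$1
    problems=0

    # Programs the chrooted login must find inside the jail.
    for rel in bin/sh usr/sbin/rmt; do
        f="$jail/$rel"
        if [ -L "$f" ]; then
            # A symlink is resolved against the new root after chroot(2),
            # so a link pointing at the real /bin/sh dangles inside the jail.
            echo "FAIL $rel: symbolic link, needs a hard link or a copy"
            problems=$((problems + 1))
        elif [ ! -f "$f" ] || [ ! -x "$f" ]; then
            echo "FAIL $rel: missing or not an executable regular file"
            problems=$((problems + 1))
        fi
    done

    # The tape device nodes copied with tar live under dev/.
    if [ ! -d "$jail/dev" ]; then
        echo "FAIL dev: directory missing"
        problems=$((problems + 1))
    fi

    # .rhosts decides which remote accounts get in without a password,
    # so nobody but its owner should be able to write to it.
    rh="$jail/.rhosts"
    if [ -L "$rh" ] || [ ! -f "$rh" ]; then
        echo "FAIL .rhosts: missing or not a regular file"
        problems=$((problems + 1))
    elif [ -n "$(find "$rh" \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "FAIL .rhosts: writable by group or others"
        problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ] && echo "OK $jail"
    return "$problems"
}
```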
