Gerhard W. Gruber wrote:
On Fri, 06 Feb 2004 21:12:00 +0100, Arne Vogel <[EMAIL PROTECTED]> wrote:
Also, it seems the linker requires these libraries to be referenced via
symlinks just as in
your ordinary /lib directory. You should be able to just do a "cp -dp
/lib/libnss* lib" (from inside
the chrroot-directory) to make all the NSS libraries available to the
chrooted environment.
Do *not* use ln, as that kind of defeats the purpose of the chroot
environment (an attacker
could open the hard-linked library for write access, and thus compromise
your global /lib
directory). Maybe one day Linux'll support copy-on-write for hard-linked
files... :-)
Now it works for anonymous. But I still have the problem of being blind when
logging in as normal user. It seems that I have to createt his entire
environment for all users I want to be accessible via ftp. I don't really like
that, but having anonymous access is sufficient for now.
Or is there some way to create a universal chroot environment?
Hmm... I don't know. "info ftpd" may help.
BTW: Doing the libs with ln doesn't work anyway, because when you do a chroot,
then the root directory is set to the one you specified.
So if you have this in your normal environment
/lib/libc.so
/home/ftp/lib/libc.so -> /lib/libc.so
it will in truth point to
/home/ftp/lib/libc.so as soon as you do the chroot.
Symlinks will not work, of course, but hard links would.
--
[EMAIL PROTECTED] mailing list
