Hi folks,
A while ago, there were some mails about telnetting to a chrooted
environment on a UNIX box. It's more of an experiment. I have two
questions:
- Can I somehow block outgoing traffic from the chrooted environment? My
machine is part of a trusted network. So I don't want the users from the
'box' to be able to have the same privileges. First I thought to patch
telnet and make it broadcast the IP of my virtual interface instead of the
real one. However, this wouldn't do any good as recompiling telnet would
solve the problem.
- How can I get ps to work? I was able to mount /proc twice, once in the
normal and once in the chrooted environment. However, as /proc is not a
normal filesystem and contains the cwd of each process (thus also of the
ones outside the chrooted environment), I fear that a hacker might break
through.
Any ideas?
PS: I thought of using ipfw to block the outgoing traffic, but that would
also block the traffic from outside the 'box'.
--Eric
Globe Internet nv
____________________________________________________
My opinions expressed here, and in any public forum,
are my own and do not represent those of my employer
or its clients. I am an individual, and I will
retain those rights of free speech granted to me,
regardless of my employment status.