Contributed by jose on from the enhanced-sftp-security dept.
http://www.gtd5.net/public/projects/systrace_sftp_jail.tar.gz
I noticed this was lacking so I whipped it up.
Enjoy."
(Comments are closed)
OpenBSD Journal
Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]
By Anonymous Coward () on
By mirabile () on
Comments
By Luiz Gustavo () on
With care and further testing maybe we can make it worth.
Plus it will help debug systrace more, with latest commits it became broken while interacting with tcpserver+publicfile.
By schwack () Yes, I have email on mailto:Yes, I have email
On 3.4-stable, I had to add this to get the policy to work:
native-fsread: filename eq "/usr/lib/libc.so.30.1" then permit
native-fsread: filename eq "/usr/lib/libcrypto.so.10.0" then permit
instead of .3
The README instructs you to use the shell as /bin/stsftp. To be consistent that should really be /usr/local/bin/stsftp.
Also, for this to work, the policy in /etc/systrace has to be readable by the user.
Comments
By rrm () rrm@gtd5.net on http://www.gtd5.net
By Anonymous Coward () on
>native-fsread: filename eq "/usr/lib/libcrypto.so.10.0" then permit
match "/usr/lib/libc*"
Comments
By rrm () rrm@gtd5.net on http://www.gtd5.net
By Alejandro Belluscio () baldusi@hotmail.com on mailto:baldusi@hotmail.com
/usr/lib/libc.a
/usr/lib/libc.so.29.0
/usr/lib/libc_p.a
/usr/lib/libc_pic.a
/usr/lib/libcom_err.a
/usr/lib/libcom_err_p.a
/usr/lib/libcom_err_pic.a
/usr/lib/libcompat.a
/usr/lib/libcompat_p.a
/usr/lib/libcrypto.a
/usr/lib/libcrypto.so.9.0
/usr/lib/libcrypto_p.a
/usr/lib/libcrypto_pic.a
/usr/lib/libcurses++.a
/usr/lib/libcurses++.so.2.0
/usr/lib/libcurses++_p.a
/usr/lib/libcurses++_pic.a
/usr/lib/libcurses.a
/usr/lib/libcurses.so.9.0
/usr/lib/libcurses_p.a
/usr/lib/libcurses_pic.a
In my 3.3-stable box.
Comments
By Anonymous Coward () on
I felt owned for a second...
Comments
By rrm () rrm@gtd5.net on http://www.gtd5.net
libc.so.*
libcrypto.so.*
seems to be working fine.
By Anonymous Coward () on
Comments
By Anonymous Coward () on
By Anonymous Coward () on
native-fcntl: permit
^ this allows you to kill any process
native-fchdir: permit
^ this allows you to change to any directory that you were able to open
native-mprotect: permit
native-mmap: permit
^ these allow you to execute arbitrary code in the task
scroll down further in the policy to see all the files you can access
this demonstrates a fundamental flaw of systrace: it provides no granularity for system calls that take file descriptors as arguments.
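
Added example (not part of the thread or of the posted tarball): a small Python audit of the two points raised in the comments above. It shows how much of the posted /usr/lib listing each proposed filename rule would permit, and which syscalls the policy permits with no condition at all. Assumptions: the rule grammar is limited to the two shapes quoted in the thread, the `filename match` spelling of the glob rules and the POLICY text are constructed here, and Python's fnmatchcase stands in for systrace's glob matching.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample: rules quoted in the thread plus the two proposed globs.
POLICY = '''\
native-fsread: filename eq "/usr/lib/libc.so.30.1" then permit
native-fsread: filename match "/usr/lib/libc*" then permit
native-fsread: filename match "/usr/lib/libc.so.*" then permit
native-fcntl: permit
native-mmap: permit
'''

# Subset of the /usr/lib listing posted in the thread (3.3-stable box).
LISTING = ["/usr/lib/libc.a", "/usr/lib/libc.so.29.0", "/usr/lib/libc_p.a",
           "/usr/lib/libcom_err.a", "/usr/lib/libcrypto.so.9.0",
           "/usr/lib/libcurses.so.9.0"]

# Assumed grammar: "<call>: permit" or "<call>: filename eq|match "<arg>" then permit".
RULE = re.compile(r'^(?P<call>[\w-]+):\s*(?:filename\s+(?P<op>eq|match)\s+'
                  r'"(?P<arg>[^"]+)"\s+then\s+)?(?P<action>permit|deny)\b')

def parse(policy):
    """Yield (syscall, op, arg, action) for each rule line this sketch understands."""
    for line in policy.splitlines():
        m = RULE.match(line.strip())
        if m:
            yield m["call"], m["op"], m["arg"], m["action"]

def covered(op, arg, paths):
    """Paths a filename rule would permit; 'match' is approximated with fnmatchcase."""
    if op == "eq":
        return [p for p in paths if p == arg]
    return [p for p in paths if fnmatchcase(p, arg)]

def audit(policy, paths):
    """Return findings: unconditional permits and what each filename rule covers."""
    findings = []
    for call, op, arg, action in parse(policy):
        if action != "permit":
            continue
        if op is None:
            findings.append((call, "unconditional", None))
        else:
            findings.append((call, f"{op} {arg}", covered(op, arg, paths)))
    return findings

if __name__ == "__main__":
    for call, kind, hits in audit(POLICY, LISTING):
        print(call, kind, "" if hits is None else hits)
```

On this listing the exact `eq` rule covers nothing (the library version differs between releases), `libc*` covers every file shown, and `libc.so.*` covers only the libc shared object.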