Security

Brad Templeton brad at looking.UUCP
Sun Aug 28 04:50:23 AEST 1988


Probably the best way to provide security is to make a mini filesystem
and chroot the users to it.  You must create directories there like /etc,
with a special /etc/passwd and /etc/group file there for the restricted
users.  Plus a /dev, a /tmp, a /bin, and /usr/bin.  In most cases (not passwd)
you can just use a link from the real filesystem, as long as the file you
want is in the same filesystem as the restricted one.  You can give people
a vi, a kermit, csh, all those things.

Only link in the commands you really want to give restricted users, and
take extra care that, for any setuid command you provide, *all the required
files and directories* are in place in the /tiny filesystem and not generally
writable.

Don't forget things like /dev/tty and /usr/preserve (for vi), although reboot
preserve processing won't go on there.

Now I haven't investigated it a lot, so maybe there are holes in chroot.
Assuming not, however, it should let you custom configure any restricted
environment you want.  (Some things, like mail and news, will be tougher.
You will have to include the news lib and spool directories inside the
tiny directory, and have special compilations of the news programs.)

(If anybody does know a hole in chroot, let me know!)

Here's the source for something you can use as the login shell of a
restricted user.
----------


/*
 * Set up a login in the chroot directory.
 *
 * Installed setuid root as the restricted user's login shell: chroot()
 * needs root, so root is dropped (back to the real uid) before the shell
 * is exec'd inside the jail.
 */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int main(int argc, char **argv, char **envp)
{
	uid_t ruid = getuid();

	if (chroot("/tiny") < 0) {
		perror("chroot");
		exit(1);
	}
	/* chroot() leaves the working directory where it was; move it
	 * inside, or the process keeps a foothold outside the jail. */
	if (chdir("/") < 0) {
		perror("chdir");
		exit(1);
	}
	if (setuid(ruid) < 0) {		/* give up root before exec */
		perror("setuid");
		exit(1);
	}
	argv[argc] = 0;	/* to be sure */
	execve("/bin/csh", argv, envp);	/* resolved under the new root */
	perror("execve");
	exit(1);
}
---------
-- 
Brad Templeton, Looking Glass Software Ltd.  --  Waterloo, Ontario 519/884-7473
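The /tiny skeleton the post describes, built and then checked by script. This is an added example, not code from the post or from Looking Glass Software. It assumes a modern POSIX sh with GNU coreutils and findutils (ln -L, cp -L, find -perm, mknod), Linux device numbers for /dev/null and /dev/tty (Xenix's differ), and a placeholder restricted user "guest" with uid/gid 2001; the jail path and the shell to install are arguments. The audit enforces the two points the post makes about setuid commands: it lists every setuid/setgid file inside the jail so you can check its support files are present, and it fails if anything in the jail other than a sticky directory or a device node is world-writable.

```sh
#!/bin/sh
# Build and audit a minimal chroot tree along the lines of the /tiny
# directory in the post. Added example, not from the original post.
# Assumptions: POSIX sh with GNU coreutils/findutils; device major/minor
# numbers are Linux's (/dev/null = 1,3; /dev/tty = 5,0), which differ on
# Xenix; "guest" and uid/gid 2001 are placeholders.

# jail_link SRC DST: hard-link SRC into the jail when both live on the
# same filesystem (as the post suggests), otherwise fall back to a copy.
# Symlinks are followed so the jail gets the real binary, not a dangling
# link into the outside tree.
jail_link() {
	src=$1 dst=$2
	mkdir -p "$(dirname "$dst")"
	ln -L "$src" "$dst" 2>/dev/null || cp -pL "$src" "$dst"
}

# make_jail JAIL SHELL: create the directory skeleton, a private
# passwd/group holding only the restricted user, and the shell.
make_jail() {
	jail=$1 shell=$2
	sh_name=$(basename "$shell")
	umask 022                         # dirs 755, files 644 by default
	for d in etc dev tmp bin usr/bin usr/preserve; do
		mkdir -p "$jail/$d"
	done
	# The jail's passwd carries no real password hashes ("*" = locked),
	# so nothing useful leaks if a restricted user reads it.
	printf 'root:*:0:0:root:/:/bin/false\n' > "$jail/etc/passwd"
	printf 'guest:*:2001:2001:restricted user:/:/bin/%s\n' "$sh_name" \
		>> "$jail/etc/passwd"
	printf 'root:*:0:\nguest:*:2001:\n' > "$jail/etc/group"
	chmod 644 "$jail/etc/passwd" "$jail/etc/group"
	jail_link "$shell" "$jail/bin/$sh_name"
	# /tmp must be writable by everyone: sticky, like the real one.
	chmod 1777 "$jail/tmp"
	# Device nodes can only be created by root; skip them otherwise.
	if [ "$(id -u)" = 0 ]; then
		[ -e "$jail/dev/null" ] || mknod -m 666 "$jail/dev/null" c 1 3
		[ -e "$jail/dev/tty" ]  || mknod -m 666 "$jail/dev/tty" c 5 0
	fi
}

# audit_jail JAIL: list setuid/setgid files (each needs all of its
# support files inside the jail) and fail if anything other than a
# sticky directory or a device node is world-writable.
audit_jail() {
	jail=$1
	setuid=$(find "$jail" -type f \( -perm -4000 -o -perm -2000 \))
	[ -z "$setuid" ] || printf 'setuid/setgid in jail:\n%s\n' "$setuid"
	bad=$(find "$jail" ! -type l ! -type c -perm -0002 \
		! \( -type d -perm -1000 \))
	if [ -n "$bad" ]; then
		printf 'world-writable, not sticky:\n%s\n' "$bad"
		return 1
	fi
	return 0
}

# Typical use as root:  make_jail /tiny /bin/csh && audit_jail /tiny
```

Run audit_jail again after every binary you link in; a setuid command pulled into the jail brings its own list of files it expects to find under the new root, and a directory that someone made world-writable "just to get it working" is exactly what the post warns against.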



More information about the Comp.unix.xenix mailing list