http://sourceforge.net/projects/chrootssh/ 에서 진행하는 SSH의 chroot 패치가 있다.
—————————–openssh-chrootssh.patch———————–
— session.c.org 2005-07-25 01:28:59.000000000 +0900
+++ session.c 2005-07-25 01:28:35.000000000 +0900
@@ -58,6 +58,8 @@
#include “session.h”
#include “monitor_wrap.h”
+#define CHROOT
+
#if defined(KRB5) && defined(USE_AFS)
#include <kafs.h>
#endif
@@ -1258,6 +1260,12 @@
void
do_setusercontext(struct passwd *pw)
{
+
+#ifdef CHROOT
+ char *user_dir;
+ char *new_root;
+#endif /* CHROOT */
+
#ifndef HAVE_CYGWIN
if (getuid() == 0 || geteuid() == 0)
#endif /* HAVE_CYGWIN */
@@ -1315,6 +1323,27 @@
restore_uid();
}
#endif
+
+#ifdef CHROOT
+ user_dir = xstrdup(pw->pw_dir);
+ new_root = user_dir + 1;
+
+ while((new_root = strchr(new_root, ‘.’)) != NULL) {
+ new_root–;
+ if(strncmp(new_root, “/./”, 3) == 0) {
+ *new_root = ‘\0’;
+ new_root += 2;
+
+ if(chroot(user_dir) != 0)
+ fatal(“Couldn’t chroot to user’s directory %s”, user_dir);
+ pw->pw_dir = new_root;
+ break;
+ }
+
+ new_root += 2;
+ }
+#endif /* CHROOT */
+
# ifdef USE_PAM
/*
* PAM credentials may take the form of supplementary groups.
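Review bot: The `chroot(user_dir)` call in the `#ifdef CHROOT` block is not followed by a `chdir("/")`, so the working directory stays where it was before the call and may lie outside the new root; nothing in the hunk moves it, and any later chdir to the home directory would be outside this view. Making both steps fatal on failure closes that gap: `if (chroot(user_dir) != 0 || chdir("/") != 0)`. The block also trusts `pw->pw_dir` as given: an empty string makes `user_dir + 1` point past the terminator before `strchr` reads from it, so a guard such as `if (user_dir[0] != '\0')` around the loop is needed. The directory that becomes the root is not checked for being root-owned and not writable by the logging-in user, which a `stat` check before the call would cover. do_setusercontext starts and ends outside the hunk.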
———————————————————————————–
——————————openssh.spec.diff————————————
—- openssh.spec.org 2005-05-31 18:43:30.000000000 +0900
+++ openssh.spec 2005-07-25 22:34:42.000000000 +0900
@@ -13,7 +13,8 @@
Patch1: openssh-rpm.patch
Patch2: openssh-loginallow.patch
Patch3: openssh-mCOOKIE.patch
Patch4: openssh-multibyte.patch
+Patch5: openssh-chrootssh.patch
Copyright: BSD
Group: Applications/Internet
BuildRoot: %{_tmppath}/openssh-%{version}-buildroot
@@ -90,6 +91,7 @@
%patch2 -p1 -b .loginallow
%patch3 -p1 -b .mCOOKIE
%patch4 -p1 -b .multibyte
+%patch5 -p0 -b .chrootssh
#autoconf
%build
———————————————————————————–
매번 설치할 때마다 중요한 파일 목록을 까먹어서 여기에 기록해 둔다.
bin:
bash cat chmod cp cut egrep gunzip gzip hostname
ls mkdir mv rm rmdir sh tar
dev:
null (mknod null c 1 3)
zero (mknod zero c 1 5)
etc:
DIR_COLORS DIR_COLORS.xterm bashrc group inputrc
passwd profile termcap vimrc
etc/profile.d:
colorls.sh lang.sh vim.sh
etc/sysconfig:
i18n
lib:
ld-2.2.4.so ld-linux.so.2 libc-2.2.4.so libc.so.6
libcrypt.so.1 libdl-2.2.4.so libdl.so.2 libm.so.6
libnsl.so.1 libnss_files.so.2 libpthread.so.0
libresolv.so.2 libtermcap.so.2 libtermcap.so.2.0.8
libutil.so.1
usr/bin:
dircolors du id mesg vim whoami
usr/lib:
libgpm.so.1 libncurses.so.5 libperl.so
libpython2.5.so.1.0
usr/share/terminfo:
*
usr/share/vim:
*