{"id":502,"date":"2005-04-03T16:05:59","date_gmt":"2005-04-03T07:05:59","guid":{"rendered":"http:\/\/openlook.org\/wp\/?p=502"},"modified":"2005-04-03T16:05:59","modified_gmt":"2005-04-03T07:05:59","slug":"cb-904","status":"publish","type":"post","link":"https:\/\/openlook.org\/wp\/cb-904\/","title":{"rendered":"OpenSSH jail \ud328\uce58"},"content":{"rendered":"<p>\uc11c\ubc84\ub97c \uc138\ud305\ud558\ub358 \ub3c4\uc911\uc5d0 <a href=\"http:\/\/www.freebsd.org\/cgi\/man.cgi?query=jail&#038;apropos=0&#038;sektion=0&#038;manpath=FreeBSD+5.3-RELEASE+and+Ports&#038;format=html\">jail<\/a>\uc548\uc5d0 \uc0ac\uc6a9\uc790\ub97c \ubabd\ub545 \ub2e4 \ub123\uc5b4\ubc84\ub9ac\ub824\uace0, <a href=\"http:\/\/sourceforge.net\/projects\/chrootssh\/\">chroot \ud328\uce58<\/a>\ub97c \ud560\uae4c \ud558\ub2e4\uac00, \uc694\uc0c8 jail\uc5d0\uc11c <a href=\"http:\/\/www.freebsd.org\/cgi\/man.cgi?query=jail_attach&#038;apropos=0&#038;sektion=0&#038;manpath=FreeBSD+5.3-RELEASE+and+Ports&#038;format=html\">jail_attach<\/a>\ub3c4 \uc9c0\uc6d0\ud558\uace0 \ud558\uae38\ub798, \uac04\ub2e8\ud558\uac8c jail \ud328\uce58\ub85c \ubc14\uafd4 \ubd24\uc2b5\ub2c8\ub2e4.<\/p>\n<p>\uc694\ub807\uac8c \ud558\uba74 chroot\ubcf4\ub2e4 \ub9ac\uc18c\uc2a4 \uc81c\ud55c\uc744 \uc880 \ub354 \uc12c\uc138\ud558\uac8c \ud560 \uc218 \uc788\uace0, top\ub098 ps\uac19\uc740 \uac83\ub3c4 jail \uc548\uc758 \uac83\ub9cc \ubcfc \uc218 \uc788\ub3c4\ub85d \uc81c\ud55c\ub429\ub2c8\ub2e4. \uc774\ud788\ud788 \ud83d\ude42<\/p>\n<pre>--- crypto\/openssh\/session.c.orig\tTue Apr 20 18:46:40 2004\n+++ crypto\/openssh\/session.c\tSun Apr  3 15:59:05 2005\n@@ -1262,6 +1262,12 @@\n \t}\n }\n \n+#include &lt;jail.h&gt;\n+\n+#define JAIL 1\n+#define JAILPREFIX \"\/thunderbluff\/\"\n+#define JAILIDFILE \"\/var\/run\/jail_thunderbluff.id\"\n+\n \/* Set login name, uid, gid, and groups. *\/\n void\n do_setusercontext(struct passwd *pw)\n@@ -1275,6 +1281,25 @@\n \t\tif (setpcred(pw->pw_name, (char **)NULL) == -1)\n \t\t\tfatal(\"Failed to set process credentials\");\n #endif \/* HAVE_SETPCRED *\/\n+\n+#ifdef JAIL\n+\t\tif (strncmp(pw->pw_dir, JAILPREFIX \"\/\",\n+\t\t\t\tsizeof(JAILPREFIX)) == 0) {\n+\t\t\tFILE *fp;\n+\t\t\tint jailid = -1;\n+\t\t\tfp = fopen(JAILIDFILE, \"r\");\n+\t\t\tif (fp == NULL)\n+\t\t\t\tfatal(\"Couldn't open \" JAILIDFILE);\n+\t\t\tfscanf(fp, \"%d\", &amp;jailid);\n+\t\t\tfclose(fp);\n+\t\t\tif (jailid == -1)\n+\t\t\t\tfatal(\"Invalid argument on \" JAILIDFILE);\n+\t\t\tif (jail_attach(jailid) != 0)\n+\t\t\t\tfatal(\"Failed to get into the jail\");\n+\t\t\tpw->pw_dir += sizeof(JAILPREFIX) - 1;\n+\t\t}\n+#endif \/* JAIL *\/\n+\n #ifdef HAVE_LOGIN_CAP\n # ifdef __bsdi__\n \t\tsetpgid(0, 0);\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>\uc11c\ubc84\ub97c \uc138\ud305\ud558\ub358 \ub3c4\uc911\uc5d0 jail\uc548\uc5d0 \uc0ac\uc6a9\uc790\ub97c \ubabd\ub545 \ub2e4 \ub123\uc5b4\ubc84\ub9ac\ub824\uace0, chroot \ud328\uce58\ub97c \ud560\uae4c \ud558\ub2e4\uac00, \uc694\uc0c8 jail\uc5d0\uc11c jail_attach\ub3c4 \uc9c0\uc6d0\ud558\uace0 \ud558\uae38\ub798, \uac04\ub2e8\ud558\uac8c jail \ud328\uce58\ub85c \ubc14\uafd4 \ubd24\uc2b5\ub2c8\ub2e4. \uc694\ub807\uac8c \ud558\uba74 chroot\ubcf4\ub2e4 \ub9ac\uc18c\uc2a4 \uc81c\ud55c\uc744 \uc880 \ub354 \uc12c\uc138\ud558\uac8c \ud560 \uc218 \uc788\uace0, top\ub098 ps\uac19\uc740 \uac83\ub3c4 jail \uc548\uc758 \uac83\ub9cc \ubcfc \uc218 \uc788\ub3c4\ub85d \uc81c\ud55c\ub429\ub2c8\ub2e4. \uc774\ud788\ud788 \ud83d\ude42 &#8212; crypto\/openssh\/session.c.orig Tue Apr 20 18:46:40 2004 +++ crypto\/openssh\/session.c Sun &#8230; <a title=\"OpenSSH jail \ud328\uce58\" class=\"read-more\" href=\"https:\/\/openlook.org\/wp\/cb-904\/\" aria-label=\"Read more about OpenSSH jail \ud328\uce58\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-502","post","type-post","status-publish","format-standard","hentry","category-freebsd"],"_links":{"self":[{"href":"https:\/\/openlook.org\/wp\/wp-json\/wp\/v2\/posts\/502","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/openlook.org\/wp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/openlook.org\/wp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/openlook.org\/wp\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/openlook.org\/wp\/wp-json\/wp\/v2\/comments?post=502"}],"version-history":[{"count":0,"href":"https:\/\/openlook.org\/wp\/wp-json\/wp\/v2\/posts\/502\/revisions"}],"wp:attachment":[{"href":"https:\/\/openlook.org\/wp\/wp-json\/wp\/v2\/media?parent=502"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/openlook.org\/wp\/wp-json\/wp\/v2\/categories?post=502"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/openlook.org\/wp\/wp-json\/wp\/v2\/tags?post=502"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}