Great Circle Associates Firewalls
(February 1994)

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Can you print from a chroot'd process?
From: John Gibbins <johng @ weema . chi . uwa . edu . au>
Date: Fri, 11 Feb 1994 09:13:47 +0800 (WST)
To: Firewalls @ GreatCircle . COM

We are installing a package that I have very little trust in (but have no
choice in installing :-(, so I can't say no).  To protect the rest of the
system from massive security holes it may contain (including shell escapes)
I want to run it via chroot() for obvious reasons.

My problem is that users of the package need to be able to print.
How can I do this from within a chroot'd process (with min effort :-) without
impacting normal (non chroot) users?

I'm running SunOS4.1.3, but will eventually go to Solaris 2.x.

We sit behind a strict packet filter and have users with virtually no 
network knowledge except for the ones who know the root passwords anyway,
so a security through obscurity solution may be acceptable.
I don't need to restrict access to particular printers and am able to force the
package to print via any command I like.

Thanks in advance.

John Gibbins                           The Western Australian Research Institute
The University of Western Australia      for Child Health Ltd     ,-_|\
email:  johng @
 chi .
 uwa .
 edu .
 au           GPO Box D184              /     \
Phone:  +61-9-3408547                  PERTH  W.A. 6001          *_,-._/
Fax:    +61-9-3883414                  AUSTRALIA                      v
"Nothing is foolproof as fools are so ingenious"

Indexed By Date Previous: Re: Gopher server on a unix host
From: smb @ research . att . com
Next: Re: Slip on Solaris 2.3
From: jim @ Tadpole . COM (Jim Thompson)
Indexed By Thread Previous: Re: Crack'ified npasswd
From: morgan @ engr . uky . edu (Wes Morgan)
Next: Re: Can you print from a chroot'd process?
From: mjr @ tis . com

Search Internet Search