
Re: stopping outgoing services/



The only real way to keep people from getting outside once they're
on your machine is just as Alex says--block the socket call from
working and then it doesn't matter what the user tries to do to
circumvent it--it won't work.

We've done that on Grex.  For more information, see

    http://www.cyberspace.org/staffnote/blocks.html

That's the way to do it.  With all the code being open here, it would
be lots easier than digging around SunOS binaries to accomplish it.

--STeve Andre'

At 12:26 AM 9/19/00 +0200, Alex de Joode wrote:
On Sun, Sep 17, 2000 at 11:23:35PM -0700, Dave wrote:
> Hey all...
> If I were to offer shell accounts to my server, how
> can I stop the user from using outgoing services?
> I would like to keep and allow ftp, ssh into the box,
> but when the user is in the shell I want to be able to
> keep them from telnetting to other servers, etc..
> Thanks
> dave


One of the free shell account providers has (had) a patch to OpenBSD that would allow only users of a specific group to open sockets.

i.e.: you could telnet in, but not out if you were not
in the 'telnet' group. (same for other services)

I believe it was http://www.hobbiton.org/, but as their
site seems to be down I can't verify this.

--
Exit! Stage Left!




