08 Sep 2003
This was an idea that raph had on #p2p-hackers: get a DNS server running (I hear Twisted has some stuff to do just this) and a copy of a trust metric like Advogato, and use them for a TM-based DNS lookup. So, for example, if you look up zooko.myers.tm.org you would get whatever IP I think zooko’s website lives at. Or if you try pynk.zooko.tm.org you would get Ben Phillip’s IP, even though zooko doesn’t know Ben, but I know Ben and zooko trusts me more than anyone else who knows someone named ‘pynk’.
02 Sep 2003
When I was visiting aritmage and itamar in NYC, I put forth the drunken idea of an OS written in Python. Now some silly person is writing Cleese, an OS in Python.
I think a neat thing to do with this is to have a capabilities-based system to handle OS rights. In this system, a webserver wouldn’t be root to bind to a port < 1024, but would get passed a socketobj that was bound to 80 at startup. It would also be given a directoryobj for its docroot. It would be allowed to create new fileobjs/dirobjs from that dirobj. Also, the docroot dirobj would be missing an entry for “..”.
#python
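The dirobj idea from the post above, sketched as an added example (not code from Cleese or from this blog): a docroot capability built on a directory file descriptor that has no entry for "..". The names DirCap, serve and launch_demo are hypothetical, the file tree is constructed, and the code assumes a Unix system where os.open accepts dir_fd.

```python
import os
import tempfile

class DirCap:
    """Directory capability: the holder can reach only names beneath it."""

    def __init__(self, fd):
        self._fd = fd  # open directory descriptor, the only authority held

    @staticmethod
    def _component(name):
        # One path component only, and no entry for "." or "..".
        if name in ("", ".", "..") or "/" in name or "\0" in name:
            raise PermissionError(f"not reachable from this dirobj: {name!r}")
        return name

    def _open(self, name, flags):
        # O_NOFOLLOW: a symlink planted in the docroot cannot lead out of it.
        return os.open(self._component(name), flags | os.O_NOFOLLOW,
                       0o644, dir_fd=self._fd)

    def subdir(self, name):
        return DirCap(self._open(name, os.O_RDONLY | os.O_DIRECTORY))

    def open_file(self, name):
        return os.fdopen(self._open(name, os.O_RDONLY), "rb")

    def create_file(self, name):
        return os.fdopen(self._open(name, os.O_WRONLY | os.O_CREAT | os.O_EXCL), "wb")

def serve(docroot, url_path):
    """Hypothetical handler: resolves url_path through the capability only."""
    parts = [p for p in url_path.split("/") if p] or ["index.html"]
    cap = docroot
    for part in parts[:-1]:
        cap = cap.subdir(part)
    with cap.open_file(parts[-1]) as f:
        return f.read()

def launch_demo():
    """Trusted launcher: builds a constructed tree and hands out the docroot."""
    top = tempfile.mkdtemp()
    docroot = os.path.join(top, "docroot")
    os.makedirs(os.path.join(docroot, "img"))
    with open(os.path.join(top, "secret.txt"), "wb") as f:
        f.write(b"outside the docroot")
    with open(os.path.join(docroot, "index.html"), "wb") as f:
        f.write(b"<h1>hello</h1>")
    os.symlink("..", os.path.join(docroot, "escape"))  # constructed trap
    return DirCap(os.open(docroot, os.O_RDONLY | os.O_DIRECTORY))
```

The handler never receives a path string for the docroot, so requests containing ".." or passing through the planted symlink fail with an OSError instead of reaching secret.txt.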
02 Sep 2003

Tip: Cut and paste this link and send it as an email to yourphonenumber@messaging.sprintpcs.com
28 Aug 2003
The chroot patch for OpenSSH is a bit different from the one that I mentioned in the last post. With this you can chroot shell sessions as well. I hope they get this into the mainline OpenSSH. Download Debian packages for ssh with the chroot patch.
28 Aug 2003
Today I made our new server at work let only some people use sftp on login, and made sftp-server chroot before running. This was on a RedHat 8.0 box.
First I downloaded the OpenSSH source, using apt with the command sudo apt-get source openssh. Then I tried to run rpm -ba /usr/src/redhat/SPECS/openssh.spec, but of course that didn’t work. After much poking around on Google I found that rpmbuild -ba would do the trick. That of course failed halfway through, but I did poke into the openssh.spec file and found out what options it passed to ./configure. I unpacked the tarball myself, then ran ./configure with the right options. Then I applied the sftp-chroot.diff patch and did make sftp-server. I copied that file to /usr/libexec/openssh/sftp-server-chroot, and did chmod +s /usr/libexec/openssh/sftp-server-chroot.
Then I edited /etc/passwd and added the magic chars “/.” to the users’ path, and changed their shell to /usr/libexec/openssh/sftp-server-chroot. And it worked.