Login program

The BSDi login program is very flexible, but can not provide the required function: namely chrooting to the home directory before invoking the shell.

A small wrapper for the user's shell be written. There are two ways that this can be done:

• a wrapper for telnetd: this already exists as virthost for the virtual POP server. This requires that telnetd and login be available in the chroot area. It also means that the login will be handled by the password file in the chrooted area. If this solution is used, then the FTP services should also be adjusted to do this so that the same password file will be used.
• a wrapper for the user's shell can be written. This program must be set-user-id root in order to make the chroot(2) call. The program can then give up its permissions and invoke the user's shell.

A disadvantage from a security point of view of option 1 is that programs in the chroot'ed area will be run as root (telnetd, login, ftpd). In addition, changes would be required to the FTP system, which would otherwise be unchanged.

A disadvantage of option 2 is that a set-user-id program is required. The size of the program is very small, and it should be easy to determine that all error conditions are handled properly. Option 2 is recommended.

A third option is to modify the BSDi /bin/login source code. With BSDi source code, it would be an easy change. Without a source code license, then it is not possible to do. A change request to BSDi should be made for a chroot option.