No, it's rather fast. You'll see it. Let you surprise.

In the meantime I'm able to ssh login to a stock empeg player (a slightly modified hijack kernel is needed). I get a shell in a chrooted environment and scp works as expected. But I think what people wants is access to the /drive0 and /drive1 directories of the empeg. This is not possible in this environment!

So here is the big question to the linux gurus. How do I have access to these directories in a chrooted environment? I already asked google and tried the following methods but without success so far:

- mount directories to a directory inside chrooted environment (does not work because drives can only be mounted once in kernel 2.2)

- mount with the --bind option to a directory inside the chrooted environment (does not work because this option needs at least a kernel 2.4)

Any other ideas?

If you want full access to the empeg, then don't use a chroot'd environment.

This was not the aswer I hoped for. :-)
I have to use a chroot'd environment because otherwise it conflicts with other libraries.

#!/bin/sh
export LD_LIBRARY_PATH=/my_ssh_libs/
exec sshd

This is exactly the way I tried it first.
But sshd relies on many different files and folders which I thought are easier to provide in a chroot'd environment and do not conflict with the existing empeg things.
Maybe it would somehow work the way you proposed but I had no success.

Is there really now way to mount, link (e.g mount_union, mount_null) or whatever a directory from outsite the chroot'd environment? (I know the purpose of a chroot'd environment is to jail the user in there)

If you create the /dev/ node inside the chroot cell for the disk partition you want, then you ought to be able to mount it (again) inside there.

Cheers

is it possible to compile this thing static?

I have a copy of all the dev nodes inside.
I can for example unmount /drive1 (/dev/hdc4) and mount it inside the chroot'd environment. This works as expected.
But as much as I know you can NOT mount a partition twice to different mount points withhin the kernel 2.2. (kernel 2.4 allows this)

I don't know if it is possible to compile it static. But even then it uses additional services like pam.
What I do here is not compile the ssh package but use the precompiled debian packages.

Pam is optional -- should be able to eliminate it with a configure flag or something similar.

Pity that 2.2.xx won't allow multiple mounts -- I hadn't noticed that limitation before, and a brief glance at fs/super.c didn't promise much hope of a simple patch to "fix" that limitation.

So, you're back to LD_LIBRARY_PATH again.

EDIT: or you could try some really wretched hack like changing the regular mount location to a point within the chroot tree, and using a symlink to put it back where everything else expects to find it.

cheers

Mount it once, inside the chrooted environment, and symlink the original mountpoint to it

(actually, that's wretched)

Yes, this way it should work. I'll try it tomorrow.
Thanks for all the help.

Short version: rather than trying to secure the empeg (difficult and taxing on its CPU), put it behind a firewall.

Long version:
I'll be worrying about security when I install my carputer. I plan to use it to let me upload music to the empeg while it's still in the car (soon after parking).

Since I don't trust either WEP or WPA for access to my home network, I hacked my WRT54G to be an IPSec endpoint. Now I can VPN from my laptop to the Linksys (I allow others free Internet access, but my home lan is only visible to IPSec clients). The down side is that the Linksys's CPU is so slow that it can only push ~1.5Mbps through an IPSec tunnel (not enough for streaming video from the TiVo to my laptop). I'll soon build another linux box to be a VPN server (likely openvpn).

Also wanting to keep the empeg secure against wardrivers (as I'll have a PC in the trunk with ethernet to the empeg and WiFi), I'll config the carputer to be a firewall too. Then when in range of my home WiFi, it can VPN in (net-to-net) so I can upload new music.

The empeg shouldn't need any modification so no extra CPU or memory usage to slow it down.

Did you mean to ask a question of some kind?

Nope.

Just throwing in my $0.02.

The reason I wanted SSH wasnt for security really. It was for being able to copy files since I couldnt use FTP at my last job..

Happy birthday!

Thank you..