[Bug 3486] SSH_ORIGINAL_COMMAND does not contain the original command anymore
bugzilla-daemon at mindrot.org
Sat Oct 29 21:44:33 AEDT 2022
https://bugzilla.mindrot.org/show_bug.cgi?id=3486
--- Comment #2 from Martin Rupp <martin.rupp at nefkom.net> ---
I cannot use the ChrootDirectory. I get an error.
I think the issue is Cygwin (no root user) and also the constraint that
all components of the Chroot path must be owned by UID 0 and GID 0 and
only be writeable by root.
Target path is /cygdrive/d/<subfolder1>/<subfolder2>
Also Chroot is not very secure in Cygwin.
It was so simple to filter the target path in SSH_ORIGINAL_COMMAND. I
used only a simple script which I have assigned to the command part in
the authorized keys.
I have also a very bad issue with sshd in Cygwin. I can copy files to
folders where the transfer user, used in the scp command, has no write
permission.
sshd is running under SYSTEM (= Local System).
If I use it without the filter of the correct information in
SSH_ORIGINAL_COMMAND, users can copy files to all locations on the
Windows server. It is very insecure and it is unusable for me.
I need a solution as soon as possible.
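One way to write the kind of forced-command filter the comment describes, added here as an example and not the reporter's script or OpenSSH code; `ALLOWED_BASE` and the function name `scp_target_allowed` are assumptions. It accepts only the legacy `scp -t <path>` upload form in `SSH_ORIGINAL_COMMAND` and fails closed on anything else.

```shell
#!/bin/sh
# Added example: forced-command filter for an authorized_keys command="..." entry.
# ALLOWED_BASE is a hypothetical placeholder, not a path from the report.
ALLOWED_BASE="/srv/upload"

# scp_target_allowed BASE CMD
# Returns 0 only if CMD is a legacy scp upload ("scp [-r|-p|-d|-v] -t <path>")
# whose <path> is BASE or lies below it. String check only: symlinks are not resolved.
scp_target_allowed() {
    base=$1 cmd=$2
    # Fail closed on empty input and on any character outside a small allow-list
    # (this excludes quotes, globs, ';', '|', '$', backticks and newlines).
    case $cmd in
        ""|*[!A-Za-z0-9_./\ -]*) return 1 ;;
    esac
    set -- $cmd                 # safe to split: only allow-listed characters remain
    [ "$1" = scp ] || return 1
    shift
    sink=0
    while [ $# -gt 1 ]; do
        case $1 in
            -r|-p|-d|-v) shift ;;
            -t) sink=1; shift; break ;;
            *) return 1 ;;      # includes -f (download) and unknown options
        esac
    done
    [ "$sink" -eq 1 ] && [ $# -eq 1 ] || return 1
    target=$1
    case $target in -*) return 1 ;; esac            # path must not look like an option
    case "/$target/" in */../*) return 1 ;; esac    # no parent-directory components
    case $target in
        "$base"|"$base"/*) return 0 ;;
    esac
    return 1
}

# sshd sets SSH_CONNECTION for the session; without it the script only defines
# the function.
if [ -n "${SSH_CONNECTION:-}" ]; then
    if scp_target_allowed "$ALLOWED_BASE" "${SSH_ORIGINAL_COMMAND:-}"; then
        exec $SSH_ORIGINAL_COMMAND   # unquoted on purpose; input was validated above
    fi
    echo "rejected by forced-command filter" >&2
    exit 1
fi
```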