Using /bin/sh to exec subsystems [PATCH]
mouring at etoh.eviladmin.org
mouring at etoh.eviladmin.org
Fri May 25 06:27:29 EST 2001
UGH.. Please.. No...
We moved from this. If you wish sftp only accounts put sftp-server as the
user's shell. This works very well.
Running /bin/sh allows the user to insert unsafe code in their startup
script which could allow them to get a shell on the server.
- Ben
On 24 May 2001, Patrick Higgins wrote:
> I've gone ahead and written the code to allow subsystems to always be
> run with the Bourne shell instead of the user's shell, thus allowing
> user's with invalid shells to be able to use sftp (but not ssh, because
> their shell is invalid). The patch is attached.
>
>
More information about the openssh-unix-dev
mailing list