Using /bin/sh to exec subsystems [PATCH]

Patrick Higgins phiggins at transzap.com
Fri May 25 06:56:34 EST 2001


Which startup script? ~/.ssh/rc, .profile, both? Others?

I'm of the opinion that ~/.ssh/rc shouldn't be run for everyone. Perhaps
only those users with a shell in /etc/shells?

Shell startup files are only run in login shells, right? I don't see how
they pose a threat.

Using sftp-server as a login shell works fine for sftp, but it's causing
some problems with other services. There really needs to be a cleaner
way to restrict access to specific subsystems.

On 24 May 2001 15:27:29 -0500, mouring at etoh.eviladmin.org wrote:
> 
> 
> UGH.. Please.. No...
> 
> We moved from this.  If you wish sftp only accounts put sftp-server as the
> user's shell.  This works very well.
> 
> Running /bin/sh allows the user to insert unsafe code in their startup
> script which could allow them to get a shell on the server.
> 
> - Ben
> 
> On 24 May 2001, Patrick Higgins wrote:
> 
> > I've gone ahead and written the code to allow subsystems to always be
> > run with the Bourne shell instead of the user's shell, thus allowing
> > users with invalid shells to be able to use sftp (but not ssh, because
> > their shell is invalid). The patch is attached.
> >
> >



More information about the openssh-unix-dev mailing list