Using /bin/sh to exec subsystems [PATCH]
Patrick Higgins
phiggins at transzap.com
Fri May 25 06:56:34 EST 2001
Which startup script? ~/.ssh/rc, .profile, both? Others?

I'm of the opinion that ~/.ssh/rc shouldn't be run for everyone. Perhaps
only those users with a shell in /etc/shells?

Shell startup files are only run in login shells, right? I don't see how
they pose a threat.

Using sftp-server as a login shell works fine for sftp, but it's causing
some problems with other services. There really needs to be a cleaner
way to restrict access to specific subsystems.

On 24 May 2001 15:27:29 -0500, mouring at etoh.eviladmin.org wrote:
>
>
> UGH.. Please.. No...
>
> We moved from this. If you wish sftp only accounts put sftp-server as the
> user's shell. This works very well.
>
> Running /bin/sh allows the user to insert unsafe code in their startup
> script which could allow them to get a shell on the server.
>
> - Ben
>
> On 24 May 2001, Patrick Higgins wrote:
>
> > I've gone ahead and written the code to allow subsystems to always be
> > run with the Bourne shell instead of the user's shell, thus allowing
> > users with invalid shells to be able to use sftp (but not ssh, because
> > their shell is invalid). The patch is attached.
> >
> >