Using /bin/sh to exec subsystems [PATCH]

Andrew Bartlett abartlet at pcug.org.au
Fri May 25 22:48:54 EST 2001


Patrick Higgins wrote:
> 
> On 24 May 2001 15:47:31 -0500, mouring at etoh.eviladmin.org wrote:
> >
> >
> > On 24 May 2001, Patrick Higgins wrote:
> >
> > [..]
> > > Using sftp-server as a login shell works fine for sftp, but it's causing
> > > some problems with other services. There really needs to be a cleaner
> > > way to restrict access to specific subsystems.
> > >
> >
> > Like what?  Pop3 works, Imap works... <shrug> I've never met a well
> > written program that has not worked with this method.
> >
> 
> ProFTPd was checking the shell for validity, but it looks like there's a
> config option to turn those checks off.
> 
> I hate to have to be hypothetical, but what if there were another
> popular SSH subsystem and you wanted to allow a user to use them both,
> but not have shell access? What I'm getting at is that while the
> solution works (for now), it's not without problems. Perhaps they're
> easy enough to live with until another subsystem is written (anyone know
> of any)?
> 
> -Pat

The way I have set it up is a simple taint-mode enabled perl script, it
checks for command options, and if it is a permitted program
(sftp-server) then the server is run (hardcoded path).  If we get
another subsystem, I just add an elsif.  If they specify nothing, they
get a password change prompt (the initial reason for the script).

Andrew Bartlett

-- 
Andrew Bartlett
abartlet at pcug.org.au
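
A sketch of the kind of wrapper described in the message above, as an added example (it is not Andrew Bartlett's script and not part of OpenSSH). It assumes sshd starts the account's login shell with `-c <command>` for a subsystem or command request and with no arguments for an interactive login. The two program paths are assumed install locations.

```perl
#!/usr/bin/perl -T
# Added example: restricted login shell that only runs allowlisted programs.
use strict;
use warnings;

# Taint mode refuses to exec with an untrusted environment, so pin it first.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Assumed install locations; adjust to the local system.
my $SFTP_SERVER = '/usr/libexec/sftp-server';
my $PASSWD      = '/usr/bin/passwd';

# Requested command string => hardcoded program to run.
# Supporting another subsystem means adding one more entry here.
my %ALLOWED = (
    $SFTP_SERVER  => $SFTP_SERVER,
    'sftp-server' => $SFTP_SERVER,
);

# Exec a fixed path with no arguments. Nothing supplied by the client
# reaches exec, so no tainted data is ever passed to the program.
sub run {
    my ($path) = @_;
    exec { $path } $path or die "exec $path failed: $!\n";
}

if (@ARGV == 0) {
    # Interactive login with no command: offer a password change only.
    run($PASSWD);
}
elsif (@ARGV == 2 && $ARGV[0] eq '-c') {
    # The whole command string must match exactly; extra options or
    # shell metacharacters make the lookup fail.
    my $target = $ALLOWED{ $ARGV[1] };
    run($target) if defined $target;
}

# Anything else is refused.
print STDERR "This account is not permitted to run that command.\n";
exit 1;
```

The script has to be listed in /etc/shells if other services on the host validate the login shell, which is the ProFTPd check mentioned in the quoted message.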



More information about the openssh-unix-dev mailing list