scp not tolerant of extraneous shell messages
Dan Kaminsky
dan at doxpara.com
Wed Jul 3 04:27:21 EST 2002
>
>
>sftp. Because the sftp setup I use forces the user to be chroot() into
>their ~/WWW directory so they can not modify their ~/.ssh nor any dot
>files within ~/. Removing executing their shell gains you nothing if you
>still let them play in the ~/.ssh/ section.
>
>
Well, I still get access to your network. Potentially, I might be able
to hijack incoming SFTP connections, extract the passwords, and get into
other people's shells.
Your solution does lock people to passwords, btw :-) And it sure as
hell ain't as elegant as "you can write what you want, but we ain't
executing any of it from the file transfer system."
You'd really take the (honestly) theoretical gain of crypto over the
very concrete loss of somebody else being able to run arbitrary code on
your machine?
>I'm really interested in why you allow users to modify your login files
>for your personal account.=)
>
>
Well, personally I equate executable permission with eventual root
compromise, but that's just a personal quirk.
--Dan
More information about the openssh-unix-dev
mailing list