scp not tolerant of extraneous shell messages
Dan Kaminsky
dan at doxpara.com
Thu Jul 4 06:37:59 EST 2002
Markus Friedl wrote:
>On Tue, Jul 02, 2002 at 11:06:54AM -0700, Dan Kaminsky wrote:
>
>>Name an FTPD that does. Just one.
>
>yes, that's the point. ftpds run with the environment
>of root or a less trusted user, but usually not under
>the uid of the authenticated user.
>
>however, sftp-server runs under the environment of
>the authenticated user, so it's much more restricted.
>
BFD. A brick wall is always more secure than a locked gate; it's why
OpenBSD has always been more secure than your stock Linux distro. No
7956456456 daemons listening for something they didn't expect.
I'll take "no opportunity to execute arbitrary commands within any
account" over "will only execute commands the shell happens to like" any
day.
>as i said before, don't give away powerful shells
>if you don't want to give away powerful shells.
>
So many externalities!
Want secure key management? Use some outside web page, hope it's
secure, let us know if you write a good one!
Want a secure file transfer system? Use some outside shell, I heard one
was made a while ago!
I'm all for encapsulation, but I'm seriously not seeing SFTP being what
it should be. A remote shell simply gives you far more power than a
standard FTP connection does -- full control over port forwarding, true
system root (oh, that's another external package), and so on.
We need another class of SSH connection that does nothing else but
serve files. It's a different security level, Markus. That which is
obviously authorized in the shell context is an utter security breach in
the file context.
SSH is awesome for remote shells. It...needs help for remote file access.
--Dan