[PATCH] prevent users from changing their environment

Tony Finch dot at dotat.at
Fri Jul 26 11:59:32 EST 2002


Ben Lindstrom <mouring at etoh.eviladmin.org> wrote:
>On Thu, 25 Jul 2002, Carson Gaspar wrote:
>>
>> Just try to build a completely statically linked binary under Solaris.
>
>Then it is an OS defect.  My point still holds true.

It is a feature -- Solaris has an impressive amount of binary compatibility.

>Of course this all begs to ask.. "Why do you allow them to muck around in
>~/.ssh/ to start with?!"  Refer back to the chroot() + sftp/ssh arguments
>that occur ever 3 - 4 months on this list.

In our situation chroot isn't a solution. Users are allowed to upload
and download any files they want -- usually mailboxes, since this is
a mail server, but that implies that we can't restrict things at that
point. Secondly, they are allowed to put things in ~/.ssh so that they
can use public key authentication. The two combined mean that even if
the chroot were initially restricted, it could be exploited and turned
into a warez distribution point etc.

We have been using a patch like this for several years, and since I
think it would be helpful in environments other than ours, and since
I believe in contributing improvements to software that I use, I
thought you -- or your users -- might like to benefit from my work.

Tony.
-- 
f.a.n.finch <dot at dotat.at> http://dotat.at/
LUNDY FASTNET IRISH SEA SHANNON: WEST OR SOUTHWEST 3 OR 4, OCCASIONALLY 5.
OCCASIONAL DRIZZLE. MODERATE OR GOOD, OCCASIONALLY POOR.



More information about the openssh-unix-dev mailing list