PATCH: sftp-server logging.

Dan Kaminsky dan at doxpara.com
Tue Mar 19 03:57:05 EST 2002


> > sftp-server is a system service
>
> this is a misconception. currenlty sftp-server is not
> a system service, it's just something like ls or at.

ftp is a system service
sftp implies more secure than ftp, not less

since ftp generally lacks process execution privs(exec usually disabled),
while sftp presently requires it, ftp is more secure than sftp.  the worst
case scenario for an ftp password leak is file leakage; the worst case
scenario for a sftp password leak is generally root compromise (most OS's
can't withstand a local intruder with a shell, except openbsd).

if you do not accept the above analysis, I've got a file for you to put in
your web server's cgi-bin.  don't worry, you trust me to download files, why
not to execute code :)

this is a problem.  it will eventually need to get solved.  no
misconceptions, I understand exactly how sftp-server is presently
implemented; that's why I didn't document it :-)  not ready to replace
anon/restricted ftp, which is a major domain of that protocol.

apache is run by nobody all over the place; anyway, the point is it sure as
hell ain't run as root :-)  file transfer has slightly different rules,
that's all i'm sayin.

--dan





More information about the openssh-unix-dev mailing list