ChrootDirectory security
Alexander Prinsier
aphexer at mailhaven.com
Mon Mar 30 12:11:48 EST 2009
Peter Stuge wrote:
> Alexander Prinsier wrote:
>> I'm sure there are no setuid programs in /home, and never will be
>
> How can you be sure? Do you enforce permissions? Are you sure no
> other part of the system can (accidentally, or with "help") write
> to /home?
Well, never 100% sure of course ;) But still...

- How could a setuid program end up in /home? (Unless root, being me,
  does chmod u+s somewhere in /home (or a hardlinked file), but I'm
  assuming I'm not that stupid).
- But on the other hand: suppose there is a setuid program in /home. I'm
  only offering sftp access. How could they execute the setuid program
  from within an sftp session?

Alexander
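
Added example, not part of the original message: one way to check the assumption discussed above that no setuid programs exist under /home, including the hardlinked-file case the message mentions. The function names, and the idea of flagging inodes that also have a name outside the audited tree, are this example's own.

```python
import os
import stat
import sys
from collections import defaultdict

SETID = stat.S_ISUID | stat.S_ISGID

def audit_tree(root):
    """Walk root (one filesystem, no symlink following) and return
    (setid, links): setid is a list of (path, mode string, uid) for regular
    files carrying setuid/setgid; links maps (dev, inode) to the link count
    and the names found under root for files with more than one hard link."""
    setid, links = [], defaultdict(lambda: {"nlink": 0, "paths": []})
    root_dev = os.lstat(root).st_dev
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune other mounts, like find -xdev
        dirnames[:] = [d for d in dirnames
                       if os.lstat(os.path.join(dirpath, d)).st_dev == root_dev]
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished during the walk
            if not stat.S_ISREG(st.st_mode):
                continue
            if st.st_mode & SETID:
                setid.append((path, stat.filemode(st.st_mode), st.st_uid))
            if st.st_nlink > 1:
                entry = links[(st.st_dev, st.st_ino)]
                entry["nlink"] = st.st_nlink
                entry["paths"].append(path)
    return setid, dict(links)

def external_links(links):
    """Inodes that also have a name outside the audited tree: a chmod u+s on
    that other name changes the file seen under root as well."""
    return {k: v for k, v in links.items() if v["nlink"] > len(v["paths"])}

if __name__ == "__main__":
    found, linked = audit_tree(sys.argv[1] if len(sys.argv) > 1 else "/home")
    for path, mode, uid in found:
        print(f"SETID    {mode} uid={uid} {path}")
    for (dev, ino), info in external_links(linked).items():
        print(f"EXTLINK  inode={ino} nlink={info['nlink']} {info['paths']}")
```

Run as root so every home directory is readable; an empty report supports the "no setuid programs in /home" assumption only for the moment of the scan.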