ChrootDirectory security
Jefferson Ogata
Jefferson.Ogata at noaa.gov
Mon Mar 30 12:17:46 EST 2009
On 2009-03-30 01:11, Alexander Prinsier wrote:
> Well never 100% sure of course ;) But still...
>
> -How could a setuid program end up in /home? (Unless root, being me,
> does chmod u+s somewhere in /home (or a hardlinked file), but I'm
> assuming I'm not that stupid).
>
> -But on the other hand: suppose there is a setuid program in /home. I'm
> only offering sftp access. How could they execute the setuid program
> from within a sftp session?
If you want to be sure, mount /home with the nosetuid option.
--
Jefferson Ogata <Jefferson.Ogata at noaa.gov>
NOAA Computer Incident Response Team (N-CIRT) <ncirt at noaa.gov>
"Never try to retrieve anything from a bear."--National Park Service
More information about the openssh-unix-dev
mailing list