Subsystem sftp invoked even though forced command created
Jochen Bern
Jochen.Bern at binect.de
Wed Jul 5 18:52:20 AEST 2023
On 05.07.23 02:50, Damien Miller wrote:
> Some possibilities:
> 1. the receive.ksh script is faulty in some way that causes it to invoke
> sftp-server
How would the script even *know* that the client requested the SFTP
subsystem? Is a subsystem's executable/path, supposedly internally
overwritten with the forced command at that point, exposed through
$SSH_ORIGINAL_COMMAND ?
(As a quick preliminary check, I'd suggest doing a "ps auwwwx --forest"
on the server while WinSCP has a "hacked" session open. If the
sftp-server process turns out to be a child of the script, bingo. If
not, the script could still be the culprit, but then we'd know that it
must "exec" the sftp-server or somesuch, rather than calling it
"normally" as a subprocess.)
Kind regards,
--
Jochen Bern
Systemingenieur
Binect GmbH
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3449 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20230705/f437f348/attachment.p7s>
More information about the openssh-unix-dev
mailing list