Re: ssh environment - circumvention of restricted shells

From: Markus Friedl (markusat_private)
Date: Wed Jun 26 2002 - 14:58:44 PDT


    On Mon, Jun 24, 2002 at 08:08:12PM -0400, ari wrote:
    > Given the similarities with certain other security issues, i'm surprised
    > this hasn't been discussed earlier.  If it has, people simply haven't
    > paid it enough attention.
    
    if you set up restricted accounts with restricted shells and allow
    unrestricted writing to .ssh/** then you are lost.  same
    applies to ftp-only accounts where users have full control over
    what's in their $HOME.
    
    so for restricted accounts you have to be very careful, don't
    allow writing to $HOME, just to some selected sub directories.
    
    -m
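
A check that follows from the advice above, as an added example that is not part of the original message: the sh function below flags a restricted account's home directory, and anything under its .ssh, that the account owns or that is group- or world-writable. Treating ownership and any group or world write bit as control by the account is a conservative assumption, and the function names and output format are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the
# output format are illustrative assumptions.

# Print paths the account in $1 owns, or that are group- or world-writable.
# With "-prune" as $3 only $2 itself is tested; without it, $2 and everything
# below it. Ownership counts because an owner can chmod a path back to writable.
controlled_paths() {
    find "$2" $3 \( -user "$1" -o -perm -020 -o -perm -002 \) -print
}

# audit_restricted_home <uid-or-name> <home-dir>
# Returns 0 if clean, 1 if the account controls $HOME or anything in .ssh,
# 2 if the home directory does not exist.
# A controllable $HOME lets the account create or replace .ssh itself;
# a controllable .ssh entry covers files such as authorized_keys.
audit_restricted_home() {
    acct=$1; home=$2
    [ -d "$home" ] || { echo "no such directory: $home" >&2; return 2; }
    findings=$(
        controlled_paths "$acct" "$home" -prune
        if [ -e "$home/.ssh" ]; then
            controlled_paths "$acct" "$home/.ssh"
        fi
    )
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings" | sed 's/^/CONTROLLED: /'
    return 1
}

# Stand-alone use: sh audit.sh <uid-or-name> <home-dir>
if [ "$#" -eq 2 ]; then audit_restricted_home "$1" "$2"; fi
```

Selected subdirectories the account is meant to write to, such as an upload directory, are deliberately not reported.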
    