[ https://issues.apache.org/jira/browse/SSHD-731?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Boris Fridland updated SSHD-731:
--------------------------------
    Comment: was deleted

(was: Thanks for the fast response. I am trying to use the workaround you suggested; however, in MINA 1.3.0, which is the latest version in the Maven repository (https://mvnrepository.com/artifact/org.apache.sshd/sshd-core), there is no withFileSystemAccessor method in SftpSubsystemFactory.Builder(). How do you suggest solving this issue? Thanks.)

> Vulnerability in SimpleAccessControlSftpEventListener implementation
> ---------------------------------------------------------------------
>
>                 Key: SSHD-731
>                 URL: https://issues.apache.org/jira/browse/SSHD-731
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 1.3.0
>            Reporter: Boris Fridland
>            Assignee: Goldstein Lyor
>            Priority: Minor
>             Fix For: 1.5.0
>
>
> After implementing SFTP access control by overriding
> SimpleAccessControlSftpEventListener and adding it to SftpSubsystemFactory:
>
> Scenario:
> 1. Set SimpleAccessControlSftpEventListener.isModificationAllowed to return false
> 2. Establish a connection with WinSCP
> 3. Try to create a new file
>
> Expected result: access denied message + no influence on the file system
> Actual: access denied message + an empty file is written to the server disk.
> In addition, if an existing file is opened and then saved, the result is that
> the file content is removed.
> Attached configuration code:
> {code:java}
> SftpSubsystemFactory.Builder builder = new SftpSubsystemFactory.Builder();
> builder.addSftpEventListener(new SimpleAccessControlSftpEventListener() {
>     // Read access decided per user by the reporter's own authorizationManager
>     @Override
>     protected boolean isAccessAllowed(ServerSession session, String remoteHandle, Path localPath)
>             throws IOException {
>         EUserAccessLevel level = authorizationManager.getAccessLevel(session.getUsername());
>         return level.hasReadAccess();
>     }
>
>     // Write access decided the same way; returning false here is the scenario's step 1
>     @Override
>     protected boolean isModificationAllowed(ServerSession session, String remoteHandle, Path localPath)
>             throws IOException {
>         EUserAccessLevel level = authorizationManager.getAccessLevel(session.getUsername());
>         return level.hasWriteAccess();
>     }
> });
>
> sshd.setSubsystemFactories(Collections.singletonList(builder.build()));
> sshd.setCommandFactory(new ScpCommandFactory());
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
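The behaviour the report describes (the client gets "access denied", yet a zero-length file appears, or an existing file is emptied) is what happens when the authorization decision runs after the file has already been opened with CREATE/TRUNCATE_EXISTING semantics. The following is an added example in plain JDK code; it is not MINA SSHD code and not the reporter's configuration. It models that ordering side by side with the ordering a practitioner wants (decide on the requested open modes first, touch the filesystem second). The class name OpenOrderingDemo, the isModificationAllowed stand-in for the reporter's authorizationManager, and the "readonly" username are assumptions made for the demonstration; the example says nothing about where MINA SSHD 1.3.0 itself performs the check.

```java
import java.io.IOException;
import java.nio.channels.SeekableByteChannel;
import java.nio.charset.StandardCharsets;
import java.nio.file.AccessDeniedException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.util.EnumSet;
import java.util.Set;

/**
 * Added example (not MINA SSHD code): an access check that runs after the
 * file channel has been opened cannot undo the side effects of the open
 * itself; the same check run first leaves the filesystem untouched.
 */
public class OpenOrderingDemo {

    /** Hypothetical stand-in for the reporter's authorizationManager: user "readonly" has no write access. */
    static boolean isModificationAllowed(String username) {
        return !"readonly".equals(username);
    }

    /** Open flags a client typically requests when saving a file (create if missing, truncate if present). */
    static final Set<StandardOpenOption> WRITE_MODES = EnumSet.of(
            StandardOpenOption.CREATE, StandardOpenOption.WRITE, StandardOpenOption.TRUNCATE_EXISTING);

    /** Models the reported behaviour: open first (CREATE and TRUNCATE_EXISTING take effect), then veto. */
    static void openThenCheck(String username, Path file, Set<StandardOpenOption> modes) throws IOException {
        try (SeekableByteChannel channel = Files.newByteChannel(file, modes)) {
            if (!isModificationAllowed(username)) {
                // The caller sees "access denied", but the file was already created or truncated above.
                throw new AccessDeniedException(file.toString());
            }
        }
    }

    /** Hardened ordering: inspect the requested modes and decide before touching the filesystem. */
    static void checkThenOpen(String username, Path file, Set<StandardOpenOption> modes) throws IOException {
        boolean modifies = modes.contains(StandardOpenOption.WRITE)
                || modes.contains(StandardOpenOption.APPEND)
                || modes.contains(StandardOpenOption.CREATE)
                || modes.contains(StandardOpenOption.CREATE_NEW)
                || modes.contains(StandardOpenOption.TRUNCATE_EXISTING)
                || modes.contains(StandardOpenOption.DELETE_ON_CLOSE);
        if (modifies && !isModificationAllowed(username)) {
            // Nothing has been created or truncated at this point.
            throw new AccessDeniedException(file.toString());
        }
        try (SeekableByteChannel channel = Files.newByteChannel(file, modes)) {
            // A real subsystem would register the handle here.
        }
    }

    /** Runs one open attempt and reports the policy outcome as a string. */
    static String attempt(String username, Path file, boolean checkFirst) throws IOException {
        try {
            if (checkFirst) {
                checkThenOpen(username, file, WRITE_MODES);
            } else {
                openThenCheck(username, file, WRITE_MODES);
            }
            return "allowed";
        } catch (AccessDeniedException e) {
            return "denied";
        }
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("sshd731-demo");
        Path existing = dir.resolve("existing.txt");
        Path fresh = dir.resolve("new.txt");
        byte[] original = "original content".getBytes(StandardCharsets.UTF_8);

        // Scenario 1: check after open, as in the report.
        Files.write(existing, original);
        String r1 = attempt("readonly", fresh, false);
        String r2 = attempt("readonly", existing, false);
        System.out.printf("open-then-check: new.txt -> %s, exists=%b%n", r1, Files.exists(fresh));
        System.out.printf("open-then-check: existing.txt -> %s, size=%d%n", r2, Files.size(existing));

        // Scenario 2: check before open, then reset the fixture and repeat.
        Files.deleteIfExists(fresh);
        Files.write(existing, original);
        String r3 = attempt("readonly", fresh, true);
        String r4 = attempt("readonly", existing, true);
        System.out.printf("check-then-open: new.txt -> %s, exists=%b%n", r3, Files.exists(fresh));
        System.out.printf("check-then-open: existing.txt -> %s, size=%d%n", r4, Files.size(existing));

        Files.deleteIfExists(fresh);
        Files.deleteIfExists(existing);
        Files.deleteIfExists(dir);
    }
}
```

Both scenarios report "denied" to the caller; the difference is on disk. In the first, new.txt exists with zero length and existing.txt has been truncated, which is exactly the report's "empty file is written" and "file content is removed". In the second, new.txt is never created and existing.txt keeps its content. The practical check when wiring any SFTP access-control hook is therefore not whether the client receives an error, but whether the hook runs before the open and has access to the requested open modes; a hook that only sees an already-open handle can log and abort, but it cannot prevent the create or truncate that the open already performed.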