Quoting myself from Sun, 6 Jun 2004 18:45:23:
>
> This solution has 1 security weakness - the `scp_login' is root
> sticky, so a user may use it to execute any program (by renaming it
> to su-scp.abs) as root. To overcome this the `scp_login' should check
> the uid when it starts. Another option is to install it on a computer
> that only serves "scp only" users.

I solved this problem by doing md5sum on the 2nd program (su-scp.abs)
and checking it by the root sticky program before calling `chroot'.

Ehud.

-- 
 Ehud Karni           Tel: +972-3-7966-561  /"\
 Mivtach - Simon      Fax: +972-3-7966-667  \ /  ASCII Ribbon Campaign
 Insurance agencies   (USA) voice mail and   X   Against   HTML   Mail
 http://www.mvs.co.il  FAX:  1-815-5509341  / \
 GnuPG: 98EA398D <http://www.keyserver.net/>    Better Safe Than Sorry
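An added example, not code from the post or from `scp_login' itself: one way a privileged wrapper can pin the digest of its second-stage program before running it. It assumes SHA-256 in place of md5sum; the function names `open_verified` and `demo` and the sample file contents are constructed for illustration.

```python
import hashlib
import hmac
import os
import stat
import tempfile

def open_verified(path, expected_hex, algo="sha256"):
    """Open path once, hash the opened file, return the fd only on a match.

    Hashing the descriptor rather than the path means the bytes that were
    checked are the bytes an fd-based exec would run, even if the path is
    renamed between the check and the exec. Returns None on any failure.
    """
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)  # refuse a symlinked helper
    except OSError:
        return None
    ok = False
    try:
        if stat.S_ISREG(os.fstat(fd).st_mode):
            h = hashlib.new(algo)
            while chunk := os.read(fd, 65536):
                h.update(chunk)
            ok = hmac.compare_digest(h.hexdigest(), expected_hex.lower())
    finally:
        if not ok:
            os.close(fd)
    return fd if ok else None

def demo():
    """Constructed scenario: the pinned helper passes, a renamed program fails."""
    trusted = b"#!/bin/sh\necho trusted helper\n"      # constructed sample
    with tempfile.TemporaryDirectory() as d:
        helper = os.path.join(d, "su-scp.abs")
        with open(helper, "wb") as f:
            f.write(trusted)
        pinned = hashlib.sha256(trusted).hexdigest()    # stored in the wrapper
        fd = open_verified(helper, pinned)
        good = fd is not None
        if good:
            os.close(fd)
        # A different program renamed to su-scp.abs, as in the quoted weakness.
        other = os.path.join(d, "other")
        with open(other, "wb") as f:
            f.write(b"#!/bin/sh\necho something else\n")
        os.replace(other, helper)
        fd = open_verified(helper, pinned)
        bad = fd is not None
        if bad:
            os.close(fd)
        return good, bad

if __name__ == "__main__":
    print(demo())
```

On platforms where `os.execve` accepts a file descriptor, the returned descriptor can be executed directly so that the verified file and the executed file are the same object.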
