Tobias Ulmer wrote:
On Mon, Mar 20, 2006 at 05:35:31PM +0100, Michael Schmidt wrote:
I am looking for both sftp and scp configurations where client users are
forced into chroot jails from where they cannot escape from and cannot
break.
Look at scponly. However, do not enable additional stuff,
espcially the rsync has gaping holes if my last look into the code was
correct. scponly uses a blacklist to prevent bad guys passing
dangerous arguments to them, a thing wich obviously doesn't work very
well. But it's the best you can get if you need this kind of
functionality.
Thanks for the feedback and also for other replies I got per direct mail.
I don4t have it available right now, but I think I have read somewhere
that in case some bad guys have the necessary skills and "know what they
are doing" then scponly chrooted limits can be broken. But I4m not sure
about that.
After having done a bit more researching I have seen that there is a kit
called jailkit, its website is:
http://olivier.sessink.nl/jailkit/
Who on this misc mailing list knows jailkit?
Which experiences did you make with it?
How secure is it?
--
Michael Schmidt MIRRORS:
DJGPP ftp://ftp.fh-koblenz.de/pub/DJGPP/
Ghostscript ftp://ftp.fh-koblenz.de/pub/Ghostscript/
