On Fri, 8 Feb 2019 at 01:37, Derek Martin <c...@pizzashack.org> wrote:
> [...], you need to know all of the possible ways to execute
> a program from system code on all of your target platforms. And you
> probably don't. And there are probably platform-dependent ways that
> it could be done using inline assembly that would be hard or
> impossible for you to block even if you did...

If the attacker is able to execute arbitrary system code, then they're already past the wall that this thing is intended to strengthen. Its value is in preventing them from getting to that point in the first place via tricky options that lead commands to exec attacker-controlled things.

Also, I have heard rumours of commands that helpfully fire up an editor on error, which is exactly what you don't want when trying to restrict a user. This would be mitigated by blocking exec()s, and maybe other insane behaviours that none of us yet know of would also be trapped.

[snip code review]

Thanks for taking the time to do that, you make several good points which I'll incorporate.
_______________________________________________
rssh-discuss mailing list
rssh-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rssh-discuss