Sylvain Beucler <[EMAIL PROTECTED]> wrote:

>> > The problem is not "cvs server", it is the -L option (that can be done
>> > only if I can execute a valid remote command).
>> >
>> > Then, I think one can do -L8080:mail.gna.org:25 and send spam from
>> > inside Gna!, for example.
>>
>> Would you like to do a test?
>
> I did it; you should receive a message from [EMAIL PROTECTED] to
> [EMAIL PROTECTED] sent via cvs.gna.org shortly. Beware, I forgot to
> add a subject.
>
> I just received another test I sent to myself.
>
> Using the same SMTP transaction via a direct connection gives an error
> message saying that relaying is not permitted.
Interesting, indeed. I'm configuring the ssh server now to refuse port
forwarding; I was not aware it could be used in such a way (I'm hesitating
to file a bug against the ssh Debian package for not even containing this
AllowTcpForwarding option mentioned in sshd_config). Even if it does not
seem to enable a user to compromise the server in itself, it surely can be
exploited in an unwanted way, as you demonstrated.

>> Do you add a prefix specifically disallowing port-forwarding?
>
> That's what was set up at Savannah, yes.
> But I guess we'll do it somehow else now.

Out of curiosity, which prefix does that?

>> blocking port-forwarding. It is
>> something you use so frequently?
>
> Well, I used it for the first time a few days ago, because my school's
> timetable page (edt.essi.fr) was attacked and is now unreachable from
> the outside. Hence I had to set up port forwarding from the only
> machine that is reachable from the outside via SSH :)
>
> I admit I never used it at Savannah; however, speaking generally, port
> forwarding is not the only thing you can disable in
> ~/.ssh/authorized_keys, so you *may* want it to be activated only for
> a restricted set of users. Or run another daemon, which 'fixes' your
> concerns about implementing security in user files.

I think I would always recommend security measures that take place outside
of ~/, for previously mentioned reasons.

> So to sum up,
>
> - checking the key format is unnecessary and the code can be removed.
>
> - adding prefixes to authorized_keys is not a good design, one should
> rather run another ssh daemon for privileged users, and the code can
> be removed.

I think so, yes.
Regards, and thanks for your patient work :)

-- 
Mathieu Roy
+---------------------------------------------------------------------+
| General Homepage: http://yeupou.coleumes.org/                       |
| Computing Homepage: http://alberich.coleumes.org/                   |
| Not a native english speaker:                                       |
| http://stock.coleumes.org/doc.php?i=/misc-files/flawed-english      |
+---------------------------------------------------------------------+

_______________________________________________
Savane-dev mailing list
[email protected]
https://mail.gna.org/listinfo/savane-dev
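As an added example (not code from this thread, nor from Savane or Savannah), here is a small sh/awk audit of the authorized_keys prefix approach discussed above: it lists forced-command keys that carry neither no-port-forwarding nor restrict, i.e. accounts limited to "cvs server" whose holder can still open the -L tunnels Sylvain demonstrated. It assumes the OpenSSH authorized_keys option syntax, that the forced command contains no commas, and a constructed sample file with placeholder keys and user names; the server-wide alternative Mathieu chose is AllowTcpForwarding no in sshd_config.

```shell
#!/bin/sh
# Added example, not from the Savane thread: flag forced-command keys in an
# OpenSSH authorized_keys file that still permit TCP forwarding.  Assumes the
# OpenSSH option syntax and that the forced command itself has no commas.
# Server-wide, "AllowTcpForwarding no" in sshd_config closes the same hole.

# Write a constructed sample authorized_keys file (keys are fake placeholders).
make_sample() {
  cat > "$1" <<'EOF'
# alice: forced command plus the full restriction prefix
command="cvs server",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAEXAMPLEKEYALICE alice@example
# bob: forced command only; -L tunnelling through the server is still allowed
command="cvs server" ssh-rsa AAAAEXAMPLEKEYBOB bob@example
# carol: "restrict" (OpenSSH >= 7.2) implies no-port-forwarding
restrict,command="cvs server" ssh-ed25519 AAAAEXAMPLEKEYCAROL carol@example
EOF
}

# Print the comment field of every forced-command key that lacks both
# no-port-forwarding and restrict.  Comment and blank lines are skipped.
audit_keys() {
  awk '
    /^[ \t]*#/ { next }
    NF == 0    { next }
    /^[^ ]*command="/ {
      opts = "," $0
      if (opts !~ /,no-port-forwarding[, ]/ && opts !~ /,restrict[, ]/)
        print $NF
    }
  ' "$1"
}
```

Run it as `make_sample /tmp/ak && audit_keys /tmp/ak`; only bob@example is reported.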
