All,
Today I released rssh-2.3.4, which fixes an old issue, and a new
issue:
On Tue, May 08, 2012 at 01:14:26PM -0500, Derek Martin wrote:
rssh is a shell for restricting SSH access to a machine to only scp,
sftp, or a small set of similar applications.
http://www.pizzashack.org/rssh
On Tue, May 15, 2012 at 10:46:04AM -0500, Derek Martin wrote:
On Tue, May 08, 2012 at 12:24:52PM -0500, Derek Martin wrote:
Henrik Erkkonen has discovered that, through clever manipulation of
environment variables on the ssh command line, it is possible to
circumvent rssh. As far as I can
On Tue, May 08, 2012 at 12:24:52PM -0500, Derek Martin wrote:
Henrik Erkkonen has discovered that, through clever manipulation of
environment variables on the ssh command line, it is possible to
circumvent rssh. As far as I can tell, there is no way to effect a
root compromise, except
[Resent to correct recipients; moderators, please approve THIS
message.]
rssh is a shell for restricting SSH access to a machine to only scp,
sftp, or a small set of similar applications.
http://www.pizzashack.org/rssh/
Henrik Erkkonen has discovered that, through clever manipulation of
On Tue, May 08, 2012 at 08:50:11PM -0400, Nico Kadel-Garcia wrote:
Is it still a problem with OpenSSH version 6, which was
recently published?
Yes. The flaw is in how rssh parses command lines, irrespective of
what SSH implementation is used. I've been a bit vague about the
details for
rssh is a shell for restricting SSH access to a machine to only scp,
sftp, or a small set of similar applications.
http://www.pizzashack.org/rssh/
Henrik Erkkonen has discovered that, through clever manipulation of
environment variables on the ssh command line, it is possible to
circumvent
On Mon, Oct 26, 2009 at 07:37:38PM +0100, Ansgar Wiechers wrote:
On 2009-10-24 Derek Martin wrote:
1. It circumvents the fact that to write to a file, you MUST be able
to write to its directory, so that the file attributes can be updated.
Wrong, because the file's attributes aren't stored
On Fri, Oct 23, 2009 at 11:57:58PM +0400, Dan Yefimov wrote:
That can hardly be called a real security hole, since the behaviour
described above is expected, and is as it was conceived by design.
Lots of security holes can fall into that category! The code matches
its design, and works as
Affected Software: rssh - all versions prior to 2.3.0
Vulnerability: local user privilege escalation
Severity: *CRITICAL*
Impact: local users can gain root access
Solution: Please upgrade to v2.3.1
Summary
---
rssh is a restricted
becomes more vulnerable to careless and insecure
coding practices, and we all play a part in that.
Thanks.
--
---
Derek Martin | Unix/Linux geek
[EMAIL PROTECTED]| GnuPG Key ID: 0x81CFE75D
Retrieve my public key at http://pgp.mit.edu
be able to set
the umask in /etc/initscript (I haven't tried it).
--
---
Derek Martin | Unix/Linux geek
[EMAIL PROTECTED]| GnuPG Key ID: 0x81CFE75D
Retrieve my public key at http://pgp.mit.edu
11 matches