Nico Kadel-Garcia nka...@gmail.com writes:
Any chance I can talk you into submitting an update request at
redhat.bugizlla.com? As the author of rssh, I suspect they'll take
your update suggestion a lot more seriously than mine.
The security issue was coordinated with the Red Hat security
All,
Today I released rssh-2.3.4, which fixes an old issue, and a new
issue:
On Tue, May 08, 2012 at 01:14:26PM -0500, Derek Martin wrote:
rssh is a shell for restricting SSH access to a machine to only scp,
sftp, or a small set of similar applications.
http://www.pizzashack.org/rssh/
From: Russ Allbery r...@stanford.edu
Subject: [PATCH] Handle the rsync v3 -e option for protocol information
As of rsync 3, rsync reused the -e option to pass protocol information
from the client to the server. We therefore cannot reject all -e
options to rsync, only ones not sent with --server
On Tue, Nov 27, 2012 at 6:59 PM, Derek Martin c...@pizzashack.org wrote:
All,
Today I released rssh-2.3.4, which fixes an old issue, and a new
issue:
Lastly, since the vendors are providing their own packages, and I'm no
longer set up to build RPMs, I am no longer providing rssh in RPM
On Tue, May 15, 2012 at 10:46:04AM -0500, Derek Martin wrote:
On Tue, May 08, 2012 at 12:24:52PM -0500, Derek Martin wrote:
Henrik Erkkonen has discovered that, through clever manipulation of
environment variables on the ssh command line, it is possible to
circumvent rssh. As far as I can
On Tue, May 08, 2012 at 12:24:52PM -0500, Derek Martin wrote:
Henrik Erkkonen has discovered that, through clever manipulation of
environment variables on the ssh command line, it is possible to
circumvent rssh. As far as I can tell, there is no way to effect a
root compromise, except of
[Resent to correct recpients; moderators, please approve THIS
message.]
rssh is a shell for restricting SSH access to a machine to only scp,
sftp, or a small set of similar applications.
http://www.pizzashack.org/rssh/
Henrik Erkkonen has discovered that, through clever manipulation of
On Tue, May 08, 2012 at 08:50:11PM -0400, Nico Kadel-Garcia wrote:
Is it still a problem with OpenSSH version 6, which was
recently published?
Yes. The flaw is in how rssh parses command lines, irrespective of
what SSH implementation is used. I've been a bit vague about the
details for
rssh is a shell for restricting SSH access to a machine to only scp,
sftp, or a small set of similar applications.
http://www.pizzashack.org/rssh/
Henrik Erkkonen has discovered that, through clever manipulation of
environment variables on the ssh command line, it is possible to
circumvent