the commercial ssh server has an option to chroot to a user's home
directory. there are patches available to openssh to do it also,
though i don't know if they've been thoroughly audited. check out
http://mail.incredimail.com/howto/openssh/
you can make sftp-server the user's shell to only
On Sun, 2002-03-31 at 05:24, Jon McCain wrote:
I've been playing around with the scp and sftp components of putty and
noticed what I consider a security hole. Winscp does the same thing.
The user can change to directories above their home. Is there a way to
chroot them like you can in an
Previously martin f krafft wrote:
i don't get it. will someone please push this package ivo made as an
NMU into security.debian.org ASAP? i'd do it myself, but i am still
waiting for DAM approval...
I'ld like someone to answer my question first: how come the glob
fix in glibc doesn't fix
also sprach Wichert Akkerman [EMAIL PROTECTED] [2002.03.31.1602 +0200]:
i don't get it. will someone please push this package ivo made as an
NMU into security.debian.org ASAP? i'd do it myself, but i am still
waiting for DAM approval...
I'ld like someone to answer my question first: how
On Sat, Mar 30, 2002 at 10:24:28PM -0500, Jon McCain wrote:
I've been playing around with the scp and sftp components of putty and
noticed what I consider a security hole. Winscp does the same thing.
The user can change to directories above their home. Is there a way to
chroot them like
On Sun, Mar 31, 2002 at 05:53:35PM +0200, martin f krafft wrote:
why should we discuss this before pushing the temporary fix into the
security archives???
Maybe because, as you say, the fix (read: workaround) is only temporary? :)
Including a new rule in the conffile won't automatically fix
Previously martin f krafft wrote:
wichert, it didn't. why should we discuss this before pushing the
temporary fix into the security archives???
Because it might impact other packages as well.
i'd also like to see answered, but right now, debian's got a semi-bug
in a package found on
Greetings!
Few days ago I updated the LISTAR maillist software (apt-get update;
ape-get dist-upgrade) with the latest security fix (a buffer overflow
IIRC). Since then, the program won't work anymore - does not produce
any output, returns with exit code 75
Seems the security fix is broken?
I've been playing around with the scp and sftp components of putty
and
noticed what I consider a security hole. Winscp does the same thing.
The user can change to directories above their home. Is there a way
to
chroot them like you can in an ftp config file?
scp is merely a way to use a
- Original Message -
From: Jon McCain
Sent: Sunday, March 31, 2002 8:54 AM
The user can change to directories above their home.
Is there a way to chroot them
Use restricted bash shell for the user (/bin/rbash) in the
/etc/passwd.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with
the commercial ssh server has an option to chroot to a user's home
directory. there are patches available to openssh to do it also,
though i don't know if they've been thoroughly audited. check out
http://mail.incredimail.com/howto/openssh/
you can make sftp-server the user's shell to only allow
On Sun, 2002-03-31 at 05:24, Jon McCain wrote:
I've been playing around with the scp and sftp components of putty and
noticed what I consider a security hole. Winscp does the same thing.
The user can change to directories above their home. Is there a way to
chroot them like you can in an
Previously martin f krafft wrote:
i don't get it. will someone please push this package ivo made as an
NMU into security.debian.org ASAP? i'd do it myself, but i am still
waiting for DAM approval...
I'ld like someone to answer my question first: how come the glob
fix in glibc doesn't fix
also sprach Wichert Akkerman [EMAIL PROTECTED] [2002.03.31.1602 +0200]:
i don't get it. will someone please push this package ivo made as an
NMU into security.debian.org ASAP? i'd do it myself, but i am still
waiting for DAM approval...
I'ld like someone to answer my question first: how
On Sat, Mar 30, 2002 at 10:24:28PM -0500, Jon McCain wrote:
I've been playing around with the scp and sftp components of putty and
noticed what I consider a security hole. Winscp does the same thing.
The user can change to directories above their home. Is there a way to
chroot them like you
On Sun, Mar 31, 2002 at 05:53:35PM +0200, martin f krafft wrote:
why should we discuss this before pushing the temporary fix into the
security archives???
Maybe because, as you say, the fix (read: workaround) is only temporary? :)
Including a new rule in the conffile won't automatically fix
Previously martin f krafft wrote:
wichert, it didn't. why should we discuss this before pushing the
temporary fix into the security archives???
Because it might impact other packages as well.
i'd also like to see answered, but right now, debian's got a semi-bug
in a package found on
Greetings!
Few days ago I updated the LISTAR maillist software (apt-get update;
ape-get dist-upgrade) with the latest security fix (a buffer overflow
IIRC). Since then, the program won't work anymore - does not produce
any output, returns with exit code 75
Seems the security fix is broken?
Bye
I've been playing around with the scp and sftp components of putty
and
noticed what I consider a security hole. Winscp does the same thing.
The user can change to directories above their home. Is there a way
to
chroot them like you can in an ftp config file?
scp is merely a way to use a
Few days ago I updated the LISTAR maillist software (apt-get update;
ape-get dist-upgrade) with the latest security fix (a buffer overflow
Perhaps the problem is with your second command. I've not had good
luck with 'ape-get' either. Perhaps it is distantly related to the
infinite monkeys
- Original Message -
From: Jon McCain
Sent: Sunday, March 31, 2002 8:54 AM
The user can change to directories above their home.
Is there a way to chroot them
Use restricted bash shell for the user (/bin/rbash) in the
/etc/passwd.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a
21 matches
Mail list logo