[scponly] Re: scponly bug

joe joe at sublimation.org
Fri Oct 4 15:28:19 EDT 2002 

I'll integrate the tweak to add the "fi" in another build soon.  More
significant changes arent scheduled yet but i'm open to cross-platform
solutions (which with chroot-ing stuff, doesnt leave much of anything).

also, regarding winscp, yes, winscp does expect a real /bin/sh.  i'm
thinking of added some more #ifdef'ed stuff to SIMULATE evaluation of
$status and other variable stuff.  it would be easy to fool winscp into
thinking it was dealing with a real shell, which is what scponly does
anyway.  however, the problems with variable evaluation just cause some
annoying popup msgs and dont actually break anything.

joe



----

PGP KEY: http://www.sublimation.org/contact.html
PGP Key fingerprint = EC4B 0DA5 B4F6 BDDD 9176 55D6 3A6A 7D63 158F 22D2


On Thu, 3 Oct 2002, Andrew Chadwick wrote:

> On Wed, Oct 02, 2002 at 12:51:35PM +0200, Gabor Kovacs wrote:
> > joe wrote:
> >
> > >> I just tried to test your SCPONLY package. It seems to by little
> > >> messy package. It seems that 3.1 pakage nobody tested on Linux. make
> > >> jail ends with crazy error.
>
> Um, yes. I'll admit that the packages I've made so far don't even try to
> set up a chrooted environment, mainly because the script is heavily
> BSD-centric. I'll add support for gaol setup if there's a demand for a
> chrooting ability.
>
> User addition, setup, and removal might be better handled through a set
> of scripts, one per environment perhaps, with a common interface. joe,
> would you like me to come up with something here, and which operations
> do you think need to be automated?
>
> > >> But it is not big problem because chroot
> > >> for making jail is on Internet lot of other cookbooks.
>
> Yup - I must take a look at integration with makejail at some point
> <http://packages.debian.org/unstable/admin/makejail.html>.
>
> > WinSCP log follows:
> >
> > Detecting variable containing return code of last command.
> > Trying "$status".
> > echo "$status" ; echo "WinSCP: this is end-of-file:0"
>
> Which version of WinSCP was this, and is there a mode it can be put into
> that allows it to play more nicely with restricted shells like scponly?
> Does it have a pure-SFTP mode at all?
>
> I don't se WinSCP, and I can't test with it, but from your log, it seems
> to be playing with the assumption that there's a real /bin/sh at the
> other end.
>
> --
> Andrew Chadwick
>

More information about the scponly mailing list