[scponly] scponly 3.8
Sven Hoexter
sven at timegate.de
Wed Apr 30 17:58:39 EDT 2003
On Wed, Apr 30, 2003 at 11:03:39AM +0100, Mike Cronnelly wrote:
Hi,
> I'm running a chroot scponly under RedHat Linux 9. The "groups" command
> which WinSCP runs at startup is actually a shell script under this OS
> which requires /bin/sh (as well as id).
>
> So.... it works fine if I copy /bin/sh into the jail. Is this a security
> problem?
Well if somebody finds a way to start /bin/sh or a way to inject somemore
commands this might be a usefull starting point to do some damage and/or
escape the chroot. Might be a risk, like any other tool/program in a
chroot but if it's needed for what ever you've to accept this risk.
> wbr oblyr wrote:
>
> >i added the "chgrp" and "id" programs to the configuration to address the
> >last two installation issues people have been having. thanks for the
> >great feedback...
> >
> >3.8 is available at http://www.sublimation.org/scponlyB
RPMS/SRPMS are avaible.
Sven
--
It really sucks to give your heart to a girl
You want to know her like she knows the whole world
But 10 seconds in, it's obvious, your going nowhere...
[Bowling for Soup - Drunk Enough To Dance - I Don't Wanna Rock]
More information about the scponly
mailing list