[scponly] scponly 3.8
Mike Cronnelly
mike at clockltd.com
Wed Apr 30 19:27:48 EDT 2003
Sven Hoexter wrote:
>On Wed, Apr 30, 2003 at 11:03:39AM +0100, Mike Cronnelly wrote:
>
>Hi,
>
>
>
>>I'm running a chroot scponly under RedHat Linux 9. The "groups" command
>>which WinSCP runs at startup is actually a shell script under this OS
>>which requires /bin/sh (as well as id).
>>
>>So.... it works fine if I copy /bin/sh into the jail. Is this a security
>>problem?
>>
>>
>
>Well if somebody finds a way to start /bin/sh or a way to inject somemore
>commands this might be a usefull starting point to do some damage and/or
>escape the chroot. Might be a risk, like any other tool/program in a
>chroot but if it's needed for what ever you've to accept this risk.
>
I only did it to avoid the "group" warning in WinSCP startup! I'll get
rid of it because it not at all important.
Cheers!
Mike
-------------- next part --------------
HTML attachment scrubbed and removed
More information about the scponly
mailing list