[scponly] How to protect against "chmod 777 /" ?
Lasse J. Kolb
Lasse at bsn.ch
Tue Mar 2 14:41:56 EST 2004
Hello!
Today I had a really strange thing:
I have a chrooted user-account ... created a normal user, then used
scp-only.
Public-Key-Auth, and the chrootet home was:
/home/kai/
Then the user was able to do following:
He logged in with sftp and his key, and did: chmod 777 /
He was able to change the permissions of the chroot-dir!
The next time he was not able to log in ... maybe because now
*anyone* could read/write/execute
And in sshd_conf the "scrict mode = yes" is set.
Maybe that is, why he was not able to log on again.
How can I protect against this?
Lasse
--
PGP: 0x4A1802C9 (RSA) · 0xBCF7BF1B (DSS/D-H)
Phone: +49 (0)5309/911462 · Fax: +49 (0)1212/511927288
Mobil: +49 (0)170/9020444 · http://www.bsn.ch/Lasse
ICQ: 5507446
More information about the scponly
mailing list