[scponly] How to protect against "chmod 777 /" ?
Robert J Taylor
robert at rjamestaylor.com
Tue Mar 2 15:03:30 EST 2004
Strange. I tried what you suggested and got the following:
psftp> chmod 777 /
set attrs for /: permission denied
I'm running scponlyc compiled on RH Enterprise Server 3.0 (using the RH9
changes).
The chrooted dir for user sftp is set up thusly:
drwxr-xr-x 3 sftp users 4096 Mar 2 03:58 public_html
User sftp is in group "users":
[root@sftp1 root]# groups sftp
sftp : users
Not sure what happened on your end...
Regards,
Robert Taylor
Lasse J. Kolb wrote:
> Hello!
>
> Today I had a really strange thing:
> I have a chrooted user-account ... created a normal user, then used
> scp-only.
>
> Public-Key-Auth, and the chrooted home was:
>
> /home/kai/
>
> Then the user was able to do the following:
>
> He logged in with sftp and his key, and did: chmod 777 /
>
> He was able to change the permissions of the chroot-dir!
> The next time he was not able to log in ... maybe because now
> *anyone* could read/write/execute
>
> And in sshd_conf the "strict mode = yes" is set.
> Maybe that is, why he was not able to log on again.
>
> How can I protect against this?
>
> Lasse
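
An added example, not part of either message and not scponly's own code: a check of the directory that becomes "/" inside the jail. It rests on the standard Unix rule that only a file's owner (or root) may chmod it, so "chmod 777 /" can only succeed when the jailed user owns the chroot directory. The function names and the temporary test directory are assumptions made for illustration.

```python
import os
import stat
import tempfile

def audit_chroot(path, uid):
    """Findings for the directory that becomes "/" for the jailed account `uid`."""
    st = os.stat(path)
    if not stat.S_ISDIR(st.st_mode):
        return ["not a directory"]
    findings = []
    if st.st_uid == uid:
        # chmod is allowed only to a file's owner (or root), so an owning
        # user can run "chmod 777 /" from inside the jail.
        findings.append("owned by jailed user: user can chmod the chroot root")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        # The state that "chmod 777" leaves behind.
        findings.append("group/world-writable: mode %o" % stat.S_IMODE(st.st_mode))
    return findings

def user_owned_subdirs(path, uid):
    """Top-level directories the user owns, i.e. the intended upload areas."""
    names = []
    with os.scandir(path) as entries:
        for e in entries:
            if e.is_dir(follow_symlinks=False) and \
               e.stat(follow_symlinks=False).st_uid == uid:
                names.append(e.name)
    return sorted(names)

if __name__ == "__main__":
    # Constructed sample: a throwaway directory standing in for the jail.
    jail = tempfile.mkdtemp()
    os.mkdir(os.path.join(jail, "public_html"))
    me = os.stat(jail).st_uid
    os.chmod(jail, 0o777)
    print(audit_chroot(jail, me))      # both findings
    os.chmod(jail, 0o755)
    print(audit_chroot(jail, me + 1))  # other uid stands in for a root-owned jail
    print(user_owned_subdirs(jail, me))
```

An empty result from audit_chroot together with a non-empty user_owned_subdirs list is the layout to aim for: the jail root belongs to someone else, and the user writes only inside subdirectories such as public_html.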