[scponly] scponly 4.2 released (IMPORTANT SECURITY FIXES)

wby oblyr joe at sublimation.org
Thu Dec 22 14:21:46 EST 2005 

Yep, scp off by default.

The recommended default is now sftp.  I am basing this on my assumption that most scponly users are 
interactive users (as opposed to scripts).  This has some implications:

 - if it werent for the age of the project, yes the name could be changed to sftponly.  given it's age, i dont 
think a name change is really warranted.

 - those administrators who do need to support scp will need to read the ./configure -help page and enable scp.  
This small step ensures they realize that they are departing from the default.

Due to the complexity of parsing and checking the arguments of OTHER programs, AND given that most of scponly 
users are people, AND given that even winscp supports sftp, I think the party line should be changed to recommend 
sftp.  

Having said that, I dont know of any other security problems with using scp.  I wouldnt hesitate to enable scp 
myself (especially since all scponly exploits require a username and credentials anyway).

As we've already seen, not all getopt implementations were created equal, and I'd sooner administrators explicitly 
accept the risk of some hypotethical future argument checking problem.

joe

user wrote this message on Thu, Dec 22, 2005 at 10:51 -0500:
> 
> 
> On Wed, 21 Dec 2005, wby oblyr wrote:
> 
> > Problem Description:
> > If ANY the following conditions are true, administrators using scponly-4.1 or older may be at risk of a local 
> > privilege escalation exploit:                                                                                          
> >                                                                                                                         
> >  - scp compatibility is enabled
> >  - rsync compatibility is enabled
> 
> 
> Ok, at first I thought this was a typo, and you really meant "WinSCP" for
> that first one, not "scp".
> 
> 
> > Fix:
> > The new release of scponly-4.2:
> >  - uses getopt to process the arguments to scp and rsync.
> >  - does not support rsync or scp by default
> 
> 
> So ... do I understand correctly - the scponly shell does not support scp
> by default anymore ?
> 
> If the default does not support scp and rsync, does that mean 0% of all
> scponly admins will ever install the default ?  What would you do with the
> default install ?

More information about the scponly mailing list