[scponly] Please: is actual download version of scponly without opatches posted here secure or not?

David Ramsden david at hexstream.eu.org
Tue Jan 25 07:03:14 EST 2005


On Tue, Jan 25, 2005 at 12:55:36PM +0100, Peter Holm wrote:
[snip]
> I am not an security expert, but after reading some chroot manual and
> the messages on thius list I started scratching my head. maybe anybody
> here could help me with an answer:
> 
[snip]
> 
> http://sublimation.org/scponly/scponly-4.0.tgz
> 
> secure or not? There was a mail on a chroot issue on this list with a
> patch applied, is this neccassary to have scponly running with chroot
> in a safe way? 
> 

The above URL is "secure". i.e. this version does not suffer from
arbituary command execution that the previous versions did.

I posted the problem with the chroot stuff. It /is/ a problem but would
be extremely hard to exploit (it may not even be possible). My patch
corrected that issue and also a bug with chdir() i.e. if you enable a
chroot for scponly and set the users home directory to
/home/user//incoming, they won't be put in to ~/incoming by default.

So you could say the current version does indeed have a security flaw in
it but it'd be very hard to exploit this. If you're very worried, apply
my patch which should be included in the next release (although CVS is
currently broken for scponly!).

Regards,
David.
-- 
 .''`.     David Ramsden <david at hexstream.eu.org>
: :'  :    http://david.hexstream.eu.org/
`. `'`     PGP key ID: 507B379B on wwwkeys.pgp.net
  `-  Debian - when my girlfriend's away and there's nothing better to do.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : https://lists.ccs.neu.edu/pipermail/scponly/attachments/20050125/f3f1b0ec/attachment.bin


More information about the scponly mailing list