[scponly] danger of allowing -e in rsync ?

Kaleb Pederson kpederson at mail.ewu.edu
Thu Apr 6 11:31:29 EDT 2006


On Tuesday 04 April 2006 9:28 pm, Daniel Webb wrote:
> On Sat, Mar 25, 2006 at 06:59:58PM +0100, Lupe Christoph wrote:
> > On Friday, 2006-03-24 at 07:51:50 +0100, Sven Hoexter wrote:
> > > Well from time to time someone has found a way to break out of a
> > > chroot. So it might be possible that someone uploads his personal
> > > break-out-of-chroot program and executes it and is out.
> >
> > The cracker needs to be able to exploit a vulnerability to become root.
> > POSIX prescribes that root *must* be able to escape a chroot.
>
> That's what I thought.  So a scponly configure option for no command
> limitations in the chroot case would be a problem assuming an attacker has
> a local root exploit using the access they have in the chroot only.  I'd
> think that's an acceptable risk for a lot of applications.

To me, it's still a huge risk -- the user has the ability to execute *any*
program they want.  For example, what if they statically compile a daemon
and then upload it to the system?  They could use it to scan the internal
network, etc. etc.  It's a risk I would never take.  Also, if they can
execute any program they want, if there is ever an exploit on any software on
the system, including the kernel, it's likely they could take advantage of
the exploit and gain too much access.

Just my thoughts.

--Kaleb
