[scponly] support for more generalized chroot exceptions in
scponly
Kaleb Pederson
kpederson at mail.ewu.edu
Tue Mar 14 17:28:25 EST 2006
Is this the rdist you're talking about:
http://www.magnicomp.com/rdist/rdist.shtml
If so, it looks like the -P transport_path program would prevent it from being
secure as it gets executed. Somebody could create their own script which did
<whatever>, upload it, set permissions, and then run it by having rdist use
-P. And... it seems -P would almost be 'necessary', although we could put it
in the disallowed argument list.
Thanks.
--Kaleb
On Tuesday 14 March 2006 2:17 pm, John Kozubik wrote:
> Regarding the recent discussion titled:
>
> Re: [scponly] I _still_ don't understand --enable-quota-compat
>
> I am in favor of the idea that command-specific patches to allow things
> like passwd to work in an scponlyc jail should be replaced by a more
> general patch that allows an administrator to specify arbitrary exceptions
> to the chroot.
>
> Specifying the particular exceptions (quota, passwd) at compile time seems
> like a good idea.
>
> I would also like to express a desire for rdist functionality.
>
> Thanks.
>
> -----
> John Kozubik - john at kozubik.com - http://www.kozubik.com
>
> _______________________________________________
> scponly mailing list
> scponly at lists.ccs.neu.edu
> https://lists.ccs.neu.edu/bin/listinfo/scponly
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
Url : https://lists.ccs.neu.edu/pipermail/scponly/attachments/20060314/38fc433b/attachment.bin
More information about the scponly
mailing list