[scponly] danger of allowing -e in rsync ?
Daniel Webb
lists at danielwebb.us
Thu Mar 23 14:17:48 EST 2006
On Wed, Mar 22, 2006 at 08:03:18PM -0500, Ensel Sharon wrote:
> I am using scponlyc in a chroot. If I simply edit scponly.c and remove
> the -e restriction on rsync, doesn't the chroot limit the potential
> attacker to only those commands that are in the chroot ?
>
> How bad of an idea would it be to do this, while I am waiting for these
> fixes ?
I was wondering the same thing. Even more generally, how bad would it be to
have a compile-time option to just disable argument checking for the chroot
case?
Since I have no shell or anything else dangerous in the chroot, can anyone
posit a worst-case scenario with argument-checking disabled?
More information about the scponly
mailing list