[scponly] danger of allowing -e in rsync ?

Sven Hoexter sven at timegate.de
Fri Mar 24 01:51:50 EST 2006


On Thu, Mar 23, 2006 at 12:17:48PM -0700, Daniel Webb wrote:
> On Wed, Mar 22, 2006 at 08:03:18PM -0500, Ensel Sharon wrote:
> 
> > I am using scponlyc in a chroot.  If I simply edit scponly.c and remove
> > the -e restriction on rsync, doesn't the chroot limit the potential
> > attacker to only those commands that are in the chroot ?
> > 
> > How bad of an idea would it be to do this, while I am waiting for these
> > fixes ?
> 
> I was wondering the same thing.  Even more generally, how bad would it be to
> have a compile-time option to just disable argument checking for the chroot
> case?  
> 
> Since I have no shell or anything else dangerous in the chroot, can anyone
> posit a worst-case scenario with argument-checking disabled?
Well from time to time someone has found a way to brake out of a chroot.
So it might be possible that someone uploads his personal brake-out-of-chroot
program and executes it and is out.

Sven
-- 
If God passed a mic to me to speak
I'd say stay in bed, world
Sleep in peace
   [The Cardigans - 03:45: No sleep]



More information about the scponly mailing list