Date: Tue, 24 Nov 1998 00:50:41 +0400 From: Casper <casper@acc.am> To: freebsd-security@FreeBSD.ORG, freebsd-isp@FreeBSD.ORG Subject: logical bug in SSH 2.0 + FreeBSD Message-ID: <3659CAA1.D016100F@acc.am>
next in thread | raw e-mail | index | archive | help
When setuped restricted shell for users , for example rbash and $PATH restricted (by using login classes) to the some directory (say /usr/local/rbin) where placed links to the executables allowed to the clients any client can use ssh to get unrestricted shell .... Sshd2 setting PATH variable to the "/bin:/usr/bin:/usr/ucb:/usr/bin/X11:/usr/local/bin" by default(this can be overriden at compile time) so clients can run any shell located in the PATH and get unristricted shell .. PATH can be overriden by /etc/environment file , but how will admins use ssh ... ? Same bug presents in the sftpd .... if you put :ftp-chroot: option in the user login class , sftpd ignoring this ...... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3659CAA1.D016100F>