Mailinglist Archive: opensuse (3666 mails)

< Previous Next >
Re: [SLE] SSH question
  • From: "Carlos E. R." <robin1.listas@xxxxxxxxxx>
  • Date: Thu, 17 Mar 2005 02:51:52 +0100 (CET)
  • Message-id: <Pine.LNX.4.58.0503170243050.10283@xxxxxxxxxxxxxxxx>

The Wednesday 2005-03-16 at 20:12 -0500, David Truchan-contr wrote:


> However, I've noticed that there is nothing stopping a savy user from
> doing something like this:
>
> cat somefile |ssh hostname "cat - > /somedir/file-with-weak-perms"
>
> Aside from chrooting ssh, does anyone know of a clever way to avoid
> this scenario?

You could define their default shell to be rbash. It does not allow
changing directory. Check the man page for more info. There are other
restricted shells.

I don't know how scp or sftp are affected, however.

--
Cheers,
Carlos Robinson


< Previous Next >
References