is an alternative "shell" of sorts for system administrators who would like to provide access to remote users to both read and write local files without providing any remote execution privileges (a wrapper around "ssh"). Commands like chmod, pwd, chown, etc. are allowed for sftp.
| SECURITY (scponly-20110526.tgz) | : | SECURITY (scponly-4.8.tgz) |
|---|
| | |
| skipping to change at line 31 | | skipping to change at line 31 |
|---|
| pre-commit, post-commit hooks, as well as a few others. These files | | pre-commit, post-commit hooks, as well as a few others. These files |
| have specific filenames at specific locations relative to the svn | | have specific filenames at specific locations relative to the svn |
| repository root. Thus, unless you are *very* careful about security, | | repository root. Thus, unless you are *very* careful about security, |
| the user WILL BE ABLE TO EXECUTE SCRIPTS OR PROGRAMS INDIRECTLY! This | | the user WILL BE ABLE TO EXECUTE SCRIPTS OR PROGRAMS INDIRECTLY! This |
| can be prevented by a careful configuration. | | can be prevented by a careful configuration. |
| -- The following programs use configuration files that might allow the user | | -- The following programs use configuration files that might allow the user |
| to bypass security restrictions placed on command line arguments: | | to bypass security restrictions placed on command line arguments: |
| | |
| svn, svnserve, rsync, and unison | | svn, svnserve, rsync, and unison |
| | |
|
| Note specifically that rsync uses popt for parsing command line argumen | | |
| ts | | |
| and popt explicitly checks /etc/popt and $HOME/.popt for aliases. Thus, | | |
| users can likely bypass argument checking for rsync. | | |
| | | |
| 4) Make sure that all files required for the chroot have the IMMUTABLE and | | 4) Make sure that all files required for the chroot have the IMMUTABLE and |
| UNDELETABLE bits set. Other bits might also be prudent. See: man 1 chattr. | | UNDELETABLE bits set. Other bits might also be prudent. See: man 1 chattr. |
| | |
| 5) Only put files in the chroot that are absolutely essential to its | | 5) Only put files in the chroot that are absolutely essential to its |
| functionality. | | functionality. |
| | |
| 6) Make sure the following directories are locked down appropriately: | | 6) Make sure the following directories are locked down appropriately: |
| | |
| ~/.ssh, ~/.unison, ~/.subversion | | ~/.ssh, ~/.unison, ~/.subversion |
| | |
| NOTE: depending on file permissions in the above, ssh, unison, and | | NOTE: depending on file permissions in the above, ssh, unison, and |
|
| subversion may not work correctly. Also note that the location of the | | subversion may not work correctly. |
| above directories is sometimes system dependent, so please check the | | |
| documentation specific to your system. | | |
| | |
| 7) Make sure that every directory the users have write permissions to are | | 7) Make sure that every directory the users have write permissions to are |
| on a filesystem that is mounted NODEV, NOEXEC. Eg. Make sure that they | | on a filesystem that is mounted NODEV, NOEXEC. Eg. Make sure that they |
| cannot execute files that they have permissions to upload. They should | | cannot execute files that they have permissions to upload. They should |
| also not need permissions to create any devices. If the user can't execute | | also not need permissions to create any devices. If the user can't execute |
|
| any files that he has access to upload and the executable files on the | | any files that he has access to upload, then you need not worry about the |
| system are not considered harmful, then you need not worry about the | | |
| security problems referencing svn/svnserve above! | | security problems referencing svn/svnserve above! |
| | |
| 8) Monitor your logs! If you start to see something funny, odd, or strange in | | 8) Monitor your logs! If you start to see something funny, odd, or strange in |
| the logs, please let us know so that we can investigate and make sure any | | the logs, please let us know so that we can investigate and make sure any |
| problems are resolved. | | problems are resolved. |
| | |
| 9) Stay up-to-date with the scponly installs. We don't have releases too | | 9) Stay up-to-date with the scponly installs. We don't have releases too |
| often, but the changes we do make are usually important! | | often, but the changes we do make are usually important! |
| | |
| 10) Enjoy! | | 10) Enjoy! |
| | | |
| End of changes. 3 change blocks. |
|---|
| 10 lines changed or deleted | | 2 lines changed or added |
|---|
"Fossies" - the Fresh Open Source Software Archive 