"Fossies" - the Fresh Open Source Software Archive

Member "scponly-20110526/SECURITY" (11 Jul 2009, 3206 Bytes) of package /linux/privat/old/scponly-20110526.tgz:


SECURITY

Here are a few important things to know about security and scponly.  This is a
brief attempt to document what should be done to correctly secure scponly.

1) Configure scponly to use a chroot.

2) Configure scponly to use as few extra options and services as possible.  If
   possible, try to use something similar to the following:

   ./configure --disable-wildcards --enable-chrooted-binary \
   --disable-gftp-compat --with-sftp-server=/path/to/sftp-server

3) NOTE THE FOLLOWING SECURITY RISKS:

   -- by enabling wildcards, there is a slightly higher chance of an exploit
   -- by enabling scp and/or scp compatibility, more programs will need to be
      installed in the chroot which increases the risk
   -- CAUTION: by enabling svn/svnserve the user WILL BE ABLE TO EXECUTE
      SCRIPTS OR PROGRAMS INDIRECTLY!  svn and svnserve will try to execute
      pre-commit, post-commit hooks, as well as a few others.  These files
      have specific filenames at specific locations relative to the svn
      repository root.  Thus, unless you are *very* careful about security,
      the user WILL BE ABLE TO EXECUTE SCRIPTS OR PROGRAMS INDIRECTLY!  This
      can be prevented by a careful configuration.
   -- The following programs use configuration files that might allow the user
      to bypass security restrictions placed on command line arguments:

      svn, svnserve, rsync, and unison

      Note specifically that rsync uses popt for parsing command line arguments
      and popt explicitly checks /etc/popt and $HOME/.popt for aliases. Thus,
      users can likely bypass argument checking for rsync.

4) Make sure that all files required for the chroot have the IMMUTABLE and
   UNDELETABLE bits set.  Other bits might also be prudent. See: man 1 chattr.

5) Only put files in the chroot that are absolutely essential to its
   functionality.

6) Make sure the following directories are locked down appropriately:

   ~/.ssh, ~/.unison, ~/.subversion

   NOTE: depending on file permissions in the above, ssh, unison, and
   subversion may not work correctly.  Also note that the location of the
   above directories is sometimes system dependent, so please check the
   documentation specific to your system.

7) Make sure that every directory the users have write permissions to is
   on a filesystem that is mounted NODEV, NOEXEC.  I.e., make sure that they
   cannot execute files that they have permissions to upload.  They should
   also not need permissions to create any devices.  If the user can't execute
   any files that he has access to upload and the executable files on the
   system are not considered harmful, then you need not worry about the
   security problems regarding svn/svnserve described above!

8) Monitor your logs!  If you start to see something funny, odd, or strange in
   the logs, please let us know so that we can investigate and make sure any
   problems are resolved.

9) Stay up-to-date with the scponly installs.  We don't have releases too
   often, but the changes we do make are usually important!

10) Enjoy!

Lastly, if you have other suggestions and thoughts that would help secure an
scponly install, please send them to us!

Thanks for using scponly!
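
Added example for item 7 (not part of the original scponly SECURITY file): a
shell check that the filesystem holding an upload directory carries both nodev
and noexec, using longest-prefix matching over a /proc/mounts-format table.
The device names and paths in the sample table are constructed, and the
directory passed in is assumed to be an absolute path with symlinks resolved.

```shell
#!/bin/sh
# Added example (not from scponly): audit item 7 for one writable directory.
# Mount tables are in /proc/mounts format; sample devices/paths are constructed.

# Print "MOUNTPOINT OPTIONS" for the mount containing DIR (longest prefix;
# on equal length the later line wins, since later mounts shadow earlier ones).
# Mount points containing spaces are escaped (\040) in the table: not handled.
mount_opts_for() {
    awk -v dir="$1" '
        $2 == "/" || dir == $2 || index(dir, $2 "/") == 1 {
            if (length($2) >= length(best)) { best = $2; opts = $4 }
        }
        END { if (best != "") print best, opts }
    ' "${2:-/proc/mounts}"
}

# Return 0 if DIR sits on a nodev,noexec mount, 1 if an option is missing,
# 2 if no mount matched.  MOUNTS may be "-" to read the table from stdin.
check_upload_dir() {
    entry=$(mount_opts_for "$1" "${2:-/proc/mounts}")
    [ -n "$entry" ] || return 2
    opts=",${entry#* },"
    missing=""
    for want in nodev noexec; do
        case "$opts" in
            *",$want,"*) ;;
            *) missing="$missing $want" ;;
        esac
    done
    if [ -n "$missing" ]; then
        echo "FAIL $1 on ${entry%% *}: missing$missing"
        return 1
    fi
    echo "OK   $1 on ${entry%% *}"
}

# Constructed sample mount table so the example runs offline.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,nodev,relatime 0 0
/dev/sda3 /home/chroot/upload ext4 rw,nosuid,nodev,noexec,relatime 0 0
EOF
}

# Demo on the sample table: the first directory passes, the second lacks noexec.
sample_mounts | check_upload_dir /home/chroot/upload/alice - || true
sample_mounts | check_upload_dir /home/bob/incoming - || true
```

On a live system, omit the second argument so the table is read from
/proc/mounts, and run the check for every directory a scponly user can write to.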