From: Florian Weimer <fw@deneb.enyo.de>
To: "Boyd Stephen Smith Jr." <bss@iguanasuicide.net>
Cc: git@vger.kernel.org
Subject: Re: is gitosis secure?
Date: Sun, 18 Jan 2009 14:25:04 +0100 [thread overview]
Message-ID: <87skngoifj.fsf@mid.deneb.enyo.de> (raw)
In-Reply-To: <200901180650.06605.bss@iguanasuicide.net> (Boyd Stephen Smith, Jr.'s message of "Sun, 18 Jan 2009 06:50:06 -0600")
* Boyd Stephen Smith, Jr.:
> On Sunday 18 January 2009, Florian Weimer <fw@deneb.enyo.de> wrote
> about 'Re: is gitosis secure?':
>>* Sam Vilain:
>>> Restricted unix shells are a technology which has been proven secure
>>> for decades now.
>>Huh? Things like scponly and rssh had their share of bugs, so I can
>>see that there is some concern. (And restricted shells used to be
>>circumvented by things like Netscape's print dialog.)
>
> From my understanding, a restricted shell is a difficult thing to escape
> from unless a user is able to run binaries that they have written. FWIW,
> I don't remember sftp or scponly having this particular vulnerability.
scponly issues due to interpretation conflicts:
CVE-2002-1469 scponly does not properly verify the path when finding the (1) scp or ...
CVE-2004-1162 The unison command in scponly before 4.0 does not properly restrict ...
CVE-2005-4533 Argument injection vulnerability in scponlyc in scponly 4.1 and ...
CVE-2007-6350 scponly 4.6 and earlier allows remote authenticated users to bypass ...
CVE-2007-6415 scponly 4.6 and earlier allows remote authenticated users to bypass ...
rssh has fewer such issues, only CVE-2004-1161 seems to be intrinsic
to the program's purpose (but some of the other issues might be used
as circumvention devices, too).
That's why I think it's not totally outlandish to assume that
restricted shells are usually not very helpful for
compartmentalization purposes.
next prev parent reply other threads:[~2009-01-18 13:26 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-12-09 8:56 is gitosis secure? Thomas Koch
2008-12-09 9:04 ` Sam Vilain
2009-01-18 11:48 ` Florian Weimer
2009-01-18 12:50 ` Boyd Stephen Smith Jr.
2009-01-18 13:25 ` Florian Weimer [this message]
2009-01-18 14:19 ` Boyd Stephen Smith Jr.
2009-02-03 21:31 ` Tommi Virtanen
2009-02-04 12:12 ` Stephen R. van den Berg
2009-02-04 18:26 ` Tommi Virtanen
2009-02-05 7:52 ` Stephen R. van den Berg
2009-02-05 8:04 ` Tommi Virtanen
2008-12-09 9:07 ` R. Tyler Ballance
2009-02-03 21:41 ` Tommi Virtanen
2008-12-09 9:38 ` Sverre Rabbelier
2008-12-13 16:23 ` Nix
2008-12-13 18:07 ` Sverre Rabbelier
2008-12-14 2:26 ` Sitaram Chamarty
2008-12-14 5:40 ` david
2008-12-14 9:42 ` martin
2008-12-14 11:25 ` david
2008-12-14 10:51 ` Jakub Narebski
2008-12-15 0:54 ` david
2008-12-14 11:02 ` martin
2008-12-15 1:00 ` david
2008-12-15 7:17 ` Mike Hommey
2008-12-15 8:25 ` david
2008-12-15 8:35 ` Mike Hommey
2008-12-15 21:28 ` Tait
2008-12-14 11:42 ` Sitaram Chamarty
2008-12-15 1:20 ` david
2008-12-14 10:40 ` Jakub Narebski
2008-12-15 0:50 ` david
2008-12-15 7:20 ` Rogan Dawes
2008-12-15 8:37 ` david
2008-12-15 7:52 ` Rogan Dawes
2008-12-14 10:47 ` Jakub Narebski
2008-12-15 0:14 ` Nix
2008-12-15 1:29 ` david
2008-12-15 5:24 ` Asheesh Laroia
2008-12-15 6:32 ` david
2008-12-09 19:18 ` Garry Dolley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87skngoifj.fsf@mid.deneb.enyo.de \
--to=fw@deneb.enyo.de \
--cc=bss@iguanasuicide.net \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.