Re: ssh environment - circumvention of restricted shells
From: Markus Friedl <markus () openbsd org>
Date: Wed, 26 Jun 2002 23:58:44 +0200

On Mon, Jun 24, 2002 at 08:08:12PM -0400, ari wrote:
> Given the similarities with certain other security issues, i'm surprised
> this hasn't been discussed earlier. If it has, people simply haven't
> paid it enough attention.

if you set up restricted accounts with restricted shells and allow
unrestricted writing to .ssh/** then you are lost. same
applies to ftp-only accounts where users have full control over
what's in their $HOME.

so for restricted accounts you have to be very careful, don't
allow writing to $HOME, just to some selected sub directories.
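
An audit for the condition described in the message above, as an added example that is not part of the original post: it lists every path in a restricted account's home that the account could use to alter its own `.ssh` contents. The function names and the constructed temporary layout are hypothetical, and the check assumes only owner and mode bits matter (ACLs are not examined).

```python
import os
import stat
import tempfile

def user_controls(path, uid, gids=()):
    """True if uid can modify path per owner and mode bits (ACLs not examined)."""
    st = os.lstat(path)
    if st.st_uid == uid:
        return True                  # the owner can always chmod it writable
    if stat.S_ISLNK(st.st_mode):
        return False                 # link mode bits are meaningless; ownership decides
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit_restricted_home(home, uid, gids=()):
    """Return paths (relative to home) that let the account change its ssh setup."""
    findings = []
    if user_controls(home, uid, gids):
        findings.append(home)        # writable $HOME: .ssh can be created or replaced
    ssh_dir = os.path.join(home, ".ssh")
    if os.path.lexists(ssh_dir):
        if user_controls(ssh_dir, uid, gids):
            findings.append(ssh_dir)
        if os.path.isdir(ssh_dir) and not os.path.islink(ssh_dir):
            for root, dirs, files in os.walk(ssh_dir):
                for name in sorted(dirs + files):
                    path = os.path.join(root, name)
                    if user_controls(path, uid, gids):
                        findings.append(path)
    return [os.path.relpath(p, home) for p in findings]

def demo():
    """Constructed layout: a temp home owned by the current user, audited as two uids."""
    me = os.getuid()
    other = me + 1                   # constructed uid that owns nothing in the layout
    with tempfile.TemporaryDirectory() as home:
        os.chmod(home, 0o755)
        ssh_dir = os.path.join(home, ".ssh")
        os.mkdir(ssh_dir)
        os.chmod(ssh_dir, 0o755)
        keys = os.path.join(ssh_dir, "authorized_keys")
        open(keys, "w").close()
        os.chmod(keys, 0o644)
        as_owner = audit_restricted_home(home, me)      # account owns its whole $HOME
        locked = audit_restricted_home(home, other)     # nothing writable by account
        os.chmod(ssh_dir, 0o777)                        # weak setting: writable .ssh
        weak = audit_restricted_home(home, other)
    return as_owner, locked, weak

if __name__ == "__main__":
    print(demo())
```

An empty result for the restricted uid is the target state; any entry means the account can change what sshd reads from its `.ssh` directory.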