From: Florian Weimer <fw@deneb•enyo.de>
To: "Boyd Stephen Smith Jr." <bss@iguanasuicide•net>
Cc: git@vger•kernel.org
Subject: Re: is gitosis secure?
Date: Sun, 18 Jan 2009 14:25:04 +0100 [thread overview]
Message-ID: <87skngoifj.fsf@mid.deneb.enyo.de> (raw)
In-Reply-To: <200901180650.06605.bss@iguanasuicide.net> (Boyd Stephen Smith, Jr.'s message of "Sun, 18 Jan 2009 06:50:06 -0600")
* Boyd Stephen Smith, Jr.:
> On Sunday 18 January 2009, Florian Weimer <fw@deneb•enyo.de> wrote
> about 'Re: is gitosis secure?':
>>* Sam Vilain:
>>> Restricted unix shells are a technology which has been proven secure
>>> for decades now.
>>Huh? Things like scponly and rssh had their share of bugs, so I can
>>see that there is some concern. (And restricted shells used to be
>>circumvented by things like Netscape's print dialog.)
>
> From my understanding, a restricted shell is a difficult thing to escape
> from unless a user is able to run binaries that they have written. FWIW,
> I don't remember sftp or scponly having this particular vulnerability.
scponly issues due to interpretation conflicts:
CVE-2002-1469 scponly does not properly verify the path when finding the (1) scp or ...
CVE-2004-1162 The unison command in scponly before 4.0 does not properly restrict ...
CVE-2005-4533 Argument injection vulnerability in scponlyc in scponly 4.1 and ...
CVE-2007-6350 scponly 4.6 and earlier allows remote authenticated users to bypass ...
CVE-2007-6415 scponly 4.6 and earlier allows remote authenticated users to bypass ...
rssh has fewer such issues, only CVE-2004-1161 seems to be intrinsic
to the program's purpose (but some of the other issues might be used
as circumvention devices, too).
That's why I think it's not totally outlandish to assume that
restricted shells are usually not very helpful for
compartmentalization purposes.
next prev parent reply other threads:[~2009-01-18 13:26 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-12-09 8:56 is gitosis secure? Thomas Koch
2008-12-09 9:04 ` Sam Vilain
2009-01-18 11:48 ` Florian Weimer
2009-01-18 12:50 ` Boyd Stephen Smith Jr.
2009-01-18 13:25 ` Florian Weimer [this message]
2009-01-18 14:19 ` Boyd Stephen Smith Jr.
2009-02-03 21:31 ` Tommi Virtanen
2009-02-04 12:12 ` Stephen R. van den Berg
2009-02-04 18:26 ` Tommi Virtanen
2009-02-05 7:52 ` Stephen R. van den Berg
2009-02-05 8:04 ` Tommi Virtanen
2008-12-09 9:07 ` R. Tyler Ballance
2009-02-03 21:41 ` Tommi Virtanen
2008-12-09 9:38 ` Sverre Rabbelier
2008-12-13 16:23 ` Nix
2008-12-13 18:07 ` Sverre Rabbelier
2008-12-14 2:26 ` Sitaram Chamarty
2008-12-14 5:40 ` david
2008-12-14 9:42 ` martin
2008-12-14 11:25 ` david
2008-12-14 10:51 ` Jakub Narebski
2008-12-15 0:54 ` david
2008-12-14 11:02 ` martin
2008-12-15 1:00 ` david
2008-12-15 7:17 ` Mike Hommey
2008-12-15 8:25 ` david
2008-12-15 8:35 ` Mike Hommey
2008-12-15 21:28 ` Tait
2008-12-14 11:42 ` Sitaram Chamarty
2008-12-15 1:20 ` david
2008-12-14 10:40 ` Jakub Narebski
2008-12-15 0:50 ` david
2008-12-15 7:20 ` Rogan Dawes
2008-12-15 8:37 ` david
2008-12-15 7:52 ` Rogan Dawes
2008-12-14 10:47 ` Jakub Narebski
2008-12-15 0:14 ` Nix
2008-12-15 1:29 ` david
2008-12-15 5:24 ` Asheesh Laroia
2008-12-15 6:32 ` david
2008-12-09 19:18 ` Garry Dolley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87skngoifj.fsf@mid.deneb.enyo.de \
--to=fw@deneb$(echo .)enyo.de \
--cc=bss@iguanasuicide$(echo .)net \
--cc=git@vger$(echo .)kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox