Is ssh not safe?
Alexander Dalloz
alexander.dalloz at uni-bielefeld.de
Sun Jul 25 13:49:16 UTC 2004
Am So, den 25.07.2004 schrieb Aaron Gaudio um 5:42:
> > > I've always been fond of the rbash shell... symbolic link bash to
> > > rbash, then set their shell to /bin/rbash.... pretty cool.
> >
> > What should that be? Restricting morons?
> >
> > I suggest you do it yourself and then when logged in with such an rbash
> > shell you enter "bash" and then rethink the sense of such a shell
> > setting ;)
>
> Fortunately, restricted mode is a little more intelligent than that. It will
> not allow you to specify "/" in command names, and PATH is a read-only
> variable. So, properly configured, a restricted bash shell can provide a
> little more semblance of security thatn you let on, though it surely is not
> a panacea.
It didn't want to say that an rbash is useless under all circumstances.
My intention was just to point out that what Brentley found so "pretty
cool" is useless from aspect of security. In this thread the previous
discussion was about exactly that and his reply was meant as a simple
alternate to a chroot.
I felt Brentley's suggestion was worth a critic because it is at best
fake security.
Alexander
--
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.6-1.435.2.3.ad.umlsmp
Serendipity 15:42:02 up 3 days, 30 users, load average: 0.99, 0.48, 0.36
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20040725/ead0d03e/attachment-0001.sig>
More information about the fedora-list
mailing list