Re: Maybe it's time to get rid of tcpwrappers/tcpd?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 03/24/2014 01:23 PM, Reindl Harald wrote:


It's still very difficult to securely process uploaded files under a different user account.  Some SFTP clients set
restrictive permissions on upload, and the OpenSSH implementation does not allow to bypass that.


man umask

[root@rh:/downloads]$ cat /etc/ssh/sshd_config  | grep internal-sftp
Subsystem sftp internal-sftp -u 006


umask doesn't apply to explicit chmod.

--
Florian Weimer / Red Hat Product Security Team
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux