On Sunday 18 January 2009, Florian Weimer <fw@xxxxxxxxxxxxx> wrote about 'Re: is gitosis secure?':
>* Sam Vilain:
>> Restricted unix shells are a technology which has been proven secure
>> for decades now.
>Huh? Things like scponly and rssh had their share of bugs, so I can
>see that there is some concern. (And restricted shells used to be
>circumvented by things like Netscape's print dialog.)

From my understanding, a restricted shell is a difficult thing to escape from unless a user is able to run binaries that they have written. FWIW, I don't remember sftp or scponly having this particular vulnerability.

Even if a user is allowed to run scripts they have written, escaping from a chroot is more difficult, but per-user chroots have their own administrative overhead. They also might be escaped in the case of a simultaneous privilege escalation bug (allowing the attacker to be root in the chroot) and kernel bug (or "chroot feature") that gave chrooted root to write outside the chroot (for example, to a file they would be reasonably sure would be executed).

I can't speak directly to gitosis' security. If users are allowed to, e.g. change the hooks in their repository, there may be an issue there. I certainly haven't done any sort of audit to the source code AND I do not hold any security certification--or even job experience in a security field, yet.
-- 
Boyd Stephen Smith Jr.                     ,= ,-_-. =.
bss@xxxxxxxxxxxxxxxxx                     ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy           `-'(. .)`-'
http://iguanasuicide.net/                      \_/
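The hook concern raised in the message above can be checked on a server. The following is an added example, not part of the original post and not gitosis code: it walks a directory of bare repositories and reports hooks that accounts other than the owner could modify, plus active hooks worth reviewing. The function names, the "HEAD file next to a hooks directory" heuristic for spotting a repository, and the sample tree are assumptions made for the illustration.

```python
import os
import stat
import tempfile

def audit_hooks(root):
    """Return sorted (path, reason) findings for repositories under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        hooks = os.path.join(dirpath, "hooks")
        # Heuristic (assumption): a HEAD file next to a hooks directory is a bare repo.
        if "HEAD" not in filenames or not os.path.isdir(hooks):
            continue
        dirnames[:] = []  # do not descend into the repository itself
        if os.path.islink(hooks):
            findings.append((hooks, "hooks directory is a symlink"))
        if os.stat(hooks).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((hooks, "hooks directory is group/world-writable"))
        for name in os.listdir(hooks):
            path = os.path.join(hooks, name)
            # Git ignores *.sample files; broken symlinks fail isfile().
            if name.endswith(".sample") or not os.path.isfile(path):
                continue
            mode = os.stat(path).st_mode
            if mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((path, "hook is group/world-writable"))
            elif mode & stat.S_IXUSR:
                findings.append((path, "active hook, review its contents"))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample data: two bare-repository skeletons."""
    for repo, hook, mode in (("ok.git", "post-update.sample", 0o755),
                             ("bad.git", "post-receive", 0o775)):
        hooks = os.path.join(root, repo, "hooks")
        os.makedirs(hooks)
        open(os.path.join(root, repo, "HEAD"), "w").close()
        path = os.path.join(hooks, hook)
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(path, mode)   # explicit chmod, so the umask does not matter
        os.chmod(hooks, 0o755)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, reason in audit_hooks(tmp):
            print(f"{os.path.relpath(path, tmp)}: {reason}")
```

Pointing `audit_hooks` at the directory that holds the served repositories gives a list to review; file ownership is not checked here and would need a separate comparison against the expected account.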