* Boyd Stephen Smith, Jr.:

> On Sunday 18 January 2009, Florian Weimer <fw@xxxxxxxxxxxxx> wrote
> about 'Re: is gitosis secure?':
>>* Sam Vilain:
>>> Restricted unix shells are a technology which has been proven secure
>>> for decades now.
>>Huh? Things like scponly and rssh had their share of bugs, so I can
>>see that there is some concern. (And restricted shells used to be
>>circumvented by things like Netscape's print dialog.)
>
> From my understanding, a restricted shell is a difficult thing to escape
> from unless a user is able to run binaries that they have written. FWIW,
> I don't remember sftp or scponly having this particular vulnerability.

scponly issues due to interpretation conflicts:

CVE-2002-1469 scponly does not properly verify the path when finding the (1) scp or ...
CVE-2004-1162 The unison command in scponly before 4.0 does not properly restrict ...
CVE-2005-4533 Argument injection vulnerability in scponlyc in scponly 4.1 and ...
CVE-2007-6350 scponly 4.6 and earlier allows remote authenticated users to bypass ...
CVE-2007-6415 scponly 4.6 and earlier allows remote authenticated users to bypass ...

rssh has fewer such issues, only CVE-2004-1161 seems to be intrinsic to
the program's purpose (but some of the other issues might be used as
circumvention devices, too).

That's why I think it's not totally outlandish to assume that
restricted shells are usually not very helpful for
compartmentalization purposes.