Re: is gitosis secure?

On Sunday 18 January 2009, Florian Weimer <fw@xxxxxxxxxxxxx> wrote 
about 'Re: is gitosis secure?':
>* Boyd Stephen Smith, Jr.:
>> On Sunday 18 January 2009, Florian Weimer <fw@xxxxxxxxxxxxx> wrote
>>
>> about 'Re: is gitosis secure?':
>>>* Sam Vilain:
>>>> Restricted unix shells are a technology which has been proven secure
>>>> for decades now.
>>>Huh?  Things like scponly and rssh had their share of bugs, so I can
>>>see that there is some concern.  (And restricted shells used to be
>>
>> From my understanding, a restricted shell is a difficult thing to
>> escape from unless a user is able to run binaries that they have
>> written.  FWIW, I don't remember sftp or scponly having this particular
>> vulnerability.
>
>scponly issues due to interpretation conflicts:

Not sure all these apply, but I believe some of them do, and I want to 
leave the CVE numbers in case someone wants to look them up.

>CVE-2002-1469
>CVE-2004-1162
>CVE-2005-4533
>CVE-2007-6350
>CVE-2007-6415
>CVE-2004-1161
--- End of CVEs to investigate ---

>That's why I think it's not totally outlandish to assume that
>restricted shells are usually not very helpful for
>compartmentalization purposes.

I mostly agree with that statement.  I make the assumption that, if the 
user can login via ssh (even under "only" a restricted shell) they can do 
anything a user in the same groups can do.  I might be overestimating most 
people, but I don't think I'm underestimating anyone.  I do *hope* that I 
get local privilege escalations patched before they are exploited, but I 
can't guarantee that.  (I'm not sure there's really any way to guarantee 
that, and I'd hate to upgrade a backup offline then replace the running 
instance.  Especially if I had to go back to when the local privilege 
escalation was introduced [not just when it was "discovered"].)
-- 
Boyd Stephen Smith Jr.                     ,= ,-_-. =. 
bss@xxxxxxxxxxxxxxxxx                     ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy           `-'(. .)`-' 
http://iguanasuicide.net/                      \_/     
