Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Derek Martin (codepizzashack.org)
Date: Tue May 08 2012 - 13:14:26 CDT
[Resent to correct recpients; moderators, please approve THIS
rssh is a shell for restricting SSH access to a machine to only scp,
sftp, or a small set of similar applications.
Henrik Erkkonen has discovered that, through clever manipulation of
environment variables on the ssh command line, it is possible to
circumvent rssh. As far as I can tell, there is no way to effect a
root compromise, except of course if the root account is the one
you're attempting to protect with rssh...
This project is old, and I have no interest in continuing to maintain
it. I looked for easy solutions to the problem, but in discussing
them with Henrik, none which we found satisfactorily address the
problem. Fixing this properly will require more work than I want to
put into it.
Note in particular that ensuring that the AcceptEnv sshd configuration
option need not be turned on for this exploit to work.
Derek D. Martin
GPG Key ID: 0x81CFE75D
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
-----END PGP SIGNATURE-----