Re: your scponly port to openbsd
From: Gaby Vanhegan (gaby vanhegan.net)
Date: Wed Dec 01 2004 - 06:03:36 CST
Hiren Patel wrote:
Sorry for replying to the list, your personal email address bounced back
to me several times:
> I am interested in using your scponly port on a server to chroot web
> designs to allow them to upload web page content for my web server.
>
> I've heard it works fabulously, my only question is:
> has it been audited in any way, I'm particularly interested in its
> safety because I read that it needs to be compiled and run with setuid
> for chroot capabilities.
I'm not 100% sure about that. It operates as your user shell, in the
same way that bash, ksh or sh would act as your shell. SSH lets you
login, changes to your user ID then executes your shell. For this
package, you install the scponly shell, which only allows scp commands
and nothing else. I don't recall any suid permissions needing to be
set, but I may be wrong as I didn't write the software :)
I have not conducted any auditing of the scponly software, so I cannot
vouch in any way for its security or stability. You're much better off
talking to the author:
http://www.sublimation.org/scponly/
Install the package and check the binaries. I think it only installs
about 5 files so you can check them all out for suid permissions. If
you don't like it, you can always pkg_delete again. The packaging
system is nice and clean, allowing you to properly get rid of stuff you
don't need or want.
> Thanks for your time and wonderful efforts for porting scponly.
> It helps many of us.
No problems. I tried to submit the package to the developers of the
software but have not heard anything back from them for months... :(
Gaby
--
Ha! Ha! Ha! Dislocation...
- Phil Ken Sebben
gaby vanhegan.net
http://vanhegan.net
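
The check suggested in the message above (install the package, then look at each installed file for suid permissions), as an added example that is not part of the original post or of scponly. It assumes the file list comes from OpenBSD's `pkg_info -L`; the function name, the `--stdin` switch and the script name `check_setid.sh` are hypothetical.

```shell
#!/bin/sh
# Added example: report setuid/setgid files among a list of installed paths.
#
# Usage on OpenBSD (script name is hypothetical):
#   pkg_info -L scponly | sh check_setid.sh --stdin
# pkg_info -L prints header lines as well as paths; anything that is not
# an existing regular file is skipped.

list_setid_files() {
    # Reads one path per line on stdin.
    # Prints "<flags><TAB><path>" for each regular file with the setuid
    # and/or setgid bit set, and nothing for ordinary files.
    while IFS= read -r path; do
        # Skip headers, blank lines, directories and missing paths.
        [ -f "$path" ] || continue
        flags=""
        # test -u / -g are POSIX and work the same on OpenBSD and Linux.
        [ -u "$path" ] && flags="setuid"
        [ -g "$path" ] && flags="${flags:+$flags,}setgid"
        [ -n "$flags" ] && printf '%s\t%s\n' "$flags" "$path"
    done
    return 0
}

# Only read stdin when explicitly asked, so the file can also be sourced.
if [ "${1:-}" = "--stdin" ]; then
    list_setid_files
fi
```

Empty output means none of the listed files carries a setuid or setgid bit; any line printed names a binary that would run with its owner's or group's privileges and deserves a closer look before the shell is assigned to users.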