Static bins

ken_i_m at elegantinnovations.net ken_i_m at elegantinnovations.net
Wed Jan 7 09:57:04 PST 2004


On Wed, Jan 07, 2004 at 12:18:42PM -0500, Robert Connolly (cendres at videotron.ca) wrote:
> If a system is running ftpd and sshd, where a user has ftpd access but not 
> sshd shell, and has a shell of /bin/false, I think the only thing preventing 
> the user from forcing a shell is a single setting in the sshd_config 
> disallowing enviroment vars. If thats still true, then it would certainly 
> help if /bin/false were staticly linked; and why stop there when suid bins 
> share the same theroretical problem.

[Making no investigation into the actual case as described above.]

Why is "...a single setting in the sshd_config" a concern?  Two or more 
settings would be worse as they would increase the possiblity of getting 
things mis-configured.
-- 
I think, therefore, ken_i_m
Chief Gadgeteer, Elegant Innovations
Founder, Bozeman Linux Users Group
(406) 581-0495



More information about the hlfs-dev mailing list