Re: AW: sftponly
From: Ben Lindstrom (mouring_at_etoh.eviladmin.org)
Date: 06/24/03
- Previous message: Brian Hatch: "Re: trying to use keys...been asked a bunch, didn't find many solutions"
- In reply to: Michael.Eisele_at_t-systems.com: "AW: sftponly"
- Next in thread: Atro Tossavainen: "Re: sftponly"
Date: Tue, 24 Jun 2003 11:20:38 -0500 (CDT)
To: Michael.Eisele@t-systems.com
On Tue, 24 Jun 2003 Michael.Eisele@t-systems.com wrote:
> Why isn't it possible to use a mechanism like it is provided with the
> open source software proftpd for ftp?
> This server sets up virtual ftp servers and accounts, doesn't use the
> /etc/passwd for the user administration and has the
> possibility to simulate the home directory for each user as the root
> directory. There is no possibility for the user to break out.
Please tell me you truly don't believe that.. Yes it is still possible for
them to break out. Another glob() bug, libc attack, kernel bug, or any
buffer overflow by bad coding practice in the application will still let
the attacker have a keyhole access.
Just because you don't use the master /etc/passwd does not mean much.
This just gives you the ability to have a 'jjohns@' login for
each vhost.
- Ben