re: scp and sftp
All of this has gotten me to thinking about another flaw in the way I
have things set up. I'm preventing users from getting to a $ by running
a menu from their profile.
exec /usr/bin/menu
This works fine since the exec causes menu to become their shell
process.
But some smart user could get around this by using pscp to upload their
own .bash_profile. Even if I fix it so I have them chroot'd on their
home, that would not prevent this, since this file is in their home.
But changing permissions on the .bash_profile so they don't own it (and
not in their group) should take care of that problem. They can read it
all they want, just not change it.
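
A check for the setup described in the message above, as an added example that is not part of the original post: it reports whether an account's uid could still change or replace its login startup file, looking at the file's owner and mode and also at the home directory's, since write permission on a directory covers the entries in it. It assumes GNU stat and considers only the primary group; the function names, the path and the ids in the usage line are made up for this example.

```shell
#!/bin/sh
# Added example: can a menu-locked account still change its login profile?
# Assumes GNU stat (Debian coreutils); only the primary group is considered.

# can_write PATH UID GID: succeeds if the mode bits grant that uid/gid write access.
can_write() {
    path=$1 uid=$2 gid=$3
    info=$(stat -c '%u %g %a' "$path") || return 2
    owner=${info%% *}; rest=${info#* }
    group=${rest%% *}; perm=$((0${rest#* }))   # leading 0 makes it octal
    if [ "$owner" -eq "$uid" ]; then bit=$((perm & 0200))
    elif [ "$group" -eq "$gid" ]; then bit=$((perm & 0020))
    else bit=$((perm & 0002)); fi
    [ "$bit" -ne 0 ]
}

# audit_profile HOME UID GID: prints findings, returns the number of problems.
audit_profile() {
    home=$1 uid=$2 gid=$3 problems=0
    dperm=$((0$(stat -c %a "$home"))); downer=$(stat -c %u "$home")
    # Write access to a directory allows renaming or deleting its entries,
    # whoever owns them, unless the sticky bit is set and the directory
    # belongs to someone else.
    if can_write "$home" "$uid" "$gid" &&
       { [ $((dperm & 01000)) -eq 0 ] || [ "$downer" -eq "$uid" ]; }; then
        echo "FAIL $home: uid $uid can replace files in this directory"
        problems=$((problems + 1))
    fi
    # bash reads the first of these that exists and is readable at login.
    for f in .bash_profile .bash_login .profile; do
        p=$home/$f
        [ -e "$p" ] || continue
        if [ "$(stat -c %u "$p")" -eq "$uid" ]; then
            echo "FAIL $p: owned by uid $uid, who can chmod it writable"
            problems=$((problems + 1))
        elif can_write "$p" "$uid" "$gid"; then
            echo "FAIL $p: writable by uid $uid"
            problems=$((problems + 1))
        else
            echo "ok   $p"
        fi
    done
    return "$problems"
}

# Usage (constructed values): sh audit.sh /home/alice 1001 1001
if [ "$#" -eq 3 ]; then audit_profile "$@"; fi
```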