[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: rssh security announcement

[Resent to correct recpients; moderators, please approve THIS

rssh is a shell for restricting SSH access to a machine to only scp,
sftp, or a small set of similar applications.  


Henrik Erkkonen has discovered that, through clever manipulation of
environment variables on the ssh command line, it is possible to
circumvent rssh.  As far as I can tell, there is no way to effect a
root compromise, except of course if the root account is the one
you're attempting to protect with rssh...

This project is old, and I have no interest in continuing to maintain
it.  I looked for easy solutions to the problem, but in discussing
them with Henrik, none which we found satisfactorily address the
problem.  Fixing this properly will require more work than I want to
put into it.

Note in particular that ensuring that the AcceptEnv sshd configuration
option need not be turned on for this exploit to work.

Derek D. Martin
GPG Key ID: 0x81CFE75D

Attachment: pgp1l7pC9Mjvy.pgp
Description: PGP signature