|
|
| Applications |
| Mailing Lists |
| Miscellaneous |
| Operating Systems |
| Programming |
Symlinks and chroot
From: Ricardo Núñez <rinunez(at)usb.ve>
Date: Thu Nov 14 2002 - 11:55:42 EST
diff -Naur orig/sftp-server.c dest/sftp-server.c --- orig/sftp-server.c Wed Feb 13 03:05:00 2002 +++ dest/sftp-server.c Wed Nov 13 20:34:29 2002 @@ -929,10 +929,10 @@
Date: Thu Nov 14 2002 - 11:55:42 EST
Hi,
I'm in charge of an Apache web server with 'follow symlinks' on, so for me it's a security hole that SFTP server does not have an option to disable 'symlink command' and could not 'chroot'.
I did a 'hurry patch' to openssh 3.1p1 to disable 'symlink command' in the server:
diff -Naur orig/sftp-server.c dest/sftp-server.c --- orig/sftp-server.c Wed Feb 13 03:05:00 2002 +++ dest/sftp-server.c Wed Nov 13 20:34:29 2002 @@ -929,10 +929,10 @@
newpath = get_string(NULL);
TRACE("symlink id %d old %s new %s", id, oldpath, newpath);
/* fail if 'newpath' exists */
- if (stat(newpath, &st) == -1) {
+ /*if (stat(newpath, &st) == -1) {
ret = symlink(oldpath, newpath);
- status = (ret == -1) ? errno_to_portable(errno) :
SSH2_FX_OK;
- }
+ status = (ret == -1) ? errno_to_portable(errno) :
SSH2_FX_OK;
+ } */
send_status(id, status);
xfree(oldpath);
xfree(newpath);
*********************************************************
--
Saludos,
Ing. Ricardo Núñez
Webmaster de la DST
Universidad Simón Bolívar
E-Mail: rinunez@usb.ve
Received on Thu Nov 14 20:49:25 2002This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:51 EDT
|
Contact Us Legal Notices Order Services Online Pantek Home Privacy Policy IT news Site Map Pantek Library |