Re: sftp logging patch: http://sftplogging.sourceforge.net

I'd suggest people stear clear of this patch until the programmer fixes it. It does it's work by depending on environment variables which can easily be tainted by the end-user.

Since all subsystems are ran with $USERSHELL -c $SUBSYSTEMCMD. Someone can easily reset the environment strings in their non-interactive profile.

The only time this maybe secure is if $USERSHELL is a custom shell (rssh, sftp-server, etc) that has no non-interactive profiles that can be tampered with.

It would be much better to either pass the stuff on the commandline.. IE

Subsystem sftp sftp-server -L -F info ..etc..

Or give sftp-server it's own configuration file that is ran on startup.

The issue of user environment taint in sftp-server has been brought up a few times over on openssh-unix-dev@ list in regards to a sftp-server.c patch for chroot() (people using getenv('HOME') instead of the correct getpw*() C command).

• Ben

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

On 18 Jun 2003, Michael Martinez wrote:

> Sftp logging
> umask setting
Received on Fri Jun 20 00:34:10 2003