Re: Is ssh not safe?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am So, den 25.07.2004 schrieb Aaron Gaudio um 5:42:

> > > I've always been fond of the rbash shell... symbolic link bash to
> > > rbash, then set their shell to /bin/rbash.... pretty cool.
> > 
> > What should that be? Restricting morons?
> > 
> > I suggest you do it yourself and then when logged in with such an rbash
> > shell you enter "bash" and then rethink the sense of such a shell
> > setting ;)
> 
> Fortunately, restricted mode is a little more intelligent than that. It will
> not allow you to specify "/" in command names, and PATH is a read-only
> variable. So, properly configured, a restricted bash shell can provide a
> little more semblance of security thatn you let on, though it surely is not
> a panacea.

It didn't want to say that an rbash is useless under all circumstances.
My intention was just to point out that what Brentley found so "pretty
cool" is useless from aspect of security. In this thread the previous
discussion was about exactly that and his reply was meant as a simple
alternate to a chroot.

I felt Brentley's suggestion was worth a critic because it is at best
fake security.

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.6-1.435.2.3.ad.umlsmp 
Serendipity 15:42:02 up 3 days, 30 users, load average: 0.99, 0.48, 0.36

Attachment: signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux