I've gone ahead and written the code to allow subsystems to always be run with the Bourne shell instead of the user's shell, thus allowing users with invalid shells to be able to use sftp (but not ssh, because their shell is invalid). The patch is attached.

Name: bin-sh-subsystem.diff
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20010524/53d064f6/attachment.ksh

mouring at etoh.eviladmin.org
2001-May-24 20:27 UTC
Using /bin/sh to exec subsystems [PATCH]

UGH.. Please.. No... We moved from this. If you wish sftp only accounts put sftp-server as the user's shell. This works very well. Running /bin/sh allows the user to insert unsafe code in their startup script which could allow them to get a shell on the server.

- Ben

On 24 May 2001, Patrick Higgins wrote:
> I've gone ahead and written the code to allow subsystems to always be
> run with the Bourne shell instead of the user's shell, thus allowing
> users with invalid shells to be able to use sftp (but not ssh, because
> their shell is invalid). The patch is attached.

On Thu, May 24, 2001 at 12:33:46PM -0600, Patrick Higgins wrote:
> I've gone ahead and written the code to allow subsystems to always be
> run with the Bourne shell instead of the user's shell, thus allowing
> users with invalid shells to be able to use sftp (but not ssh, because
> their shell is invalid). The patch is attached.

i don't like this and i don't think this is very useful. the only thing i'm thinking about is an option to run subsystems without any shell. however, i'm afraid of skipping the login-shell, since it's used (or abused) for access control on many systems (e.g. setting the loginshell to /bin/false).

-m