Displaying 3 results from an estimated 3 matches for "opensshsftpchrootcodeexecut".
2018 Jan 05
3
SFTP chroot: Writable root
On Fri, Jan 05, 2018 at 09:42:18PM +1030, David Newall wrote:
> On 05/01/18 20:06, Jakub Jelen wrote:
> > if the confined user has write access to the chroot directory,
> > there are ways how to get out, gain privileges and or do other
> > nasty things.
>
> I'm not inexperienced with UNIX and unix-like operating systems (30+ years),
> and I can't think what
2018 Jan 08
2
naive sftp user point of view was: SFTP chroot: Writable root
...perating
> access from the outside - no matter if it is the same user or
> another one - leads to root privilege escalation, even without
> hardlinks, just using the default behaviour of any shared linked
> SUID binary.
>
> hd
>
> [0] https:///www.halfdog.net/Security/2018/OpensshSftpChrootCodeExecution/
>
Hello halfdog,
I was not aware that a sftp-only access does execute code/scripts from these directories.
I look at this from the point of view of a naive sftp user.
If a naive sftp user get access to a machine, then he thinks the directory belongs to him and he
can write and delete w...
2018 Jan 08
3
SFTP chroot: Writable root
...ing
> access from the outside - no matter if it is the same user or
> another one - leads to root privilege escalation, even without
> hardlinks, just using the default behaviour of any shared linked
> SUID binary.
>
> hd
>
> [0]
> https:///www.halfdog.net/Security/2018/OpensshSftpChrootCodeExecution
> /
Thank you for the article describing this issue in understandable
manner. What struck my attention is the reading of the /etc/ssh/sshrc
from chroot.
Is it even correct that OpenSSH is searching for the /etc/ssh/sshrc
file AFTER the chroot?
No, I am not advocating the writable chroots,...