Restricting rsync over ssh - Dmitry V. Levin - org.samba.lists.rsync

6 messages in org.samba.lists.rsyncRestricting rsync over ssh

From	Sent On	Attachments
Bob	Dec 28, 2004 3:53 pm
Dmitry V. Levin	Dec 28, 2004 4:12 pm
Bob	Dec 28, 2004 4:24 pm
Dmitry V. Levin	Dec 28, 2004 4:43 pm
Alessandro Ranellucci	Dec 28, 2004 4:44 pm
Martin Scharrer	Dec 28, 2004 5:26 pm

	Permalink for this message Paste this link in email or IM:
	Permalink for this thread Paste this link in email or IM:
	Atom feed for this thread Paste this URL into your reader:

Subject:	Restricting rsync over ssh	Actions
From:	Dmitry V. Levin (ld...@altlinux.org)
Date:	Dec 28, 2004 4:43:24 pm
List:	org.samba.lists.rsync

On Tue, Dec 28, 2004 at 05:24:27PM +0100, Bob wrote:

I would like to avoid using chroot because it implies my dummy-shell must run in suid root. Furthermore, it forces to create a jail with the binaries and libraries inside. I was thinking to this solution to avoid doing this.

Is there any reason to avoid this jail solution?

Do you think there are some security issues using realpath instead of chroot ?

Yes, realpath introduces time-of-check-time-of-use race condition: during the check your canonical path is fine, then user changes some symlinks (using shell or via rsync) and gets out of his home directory.

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets
	Permalink to these results Paste this link in email or IM:
	Atom feed for tracking future search results Paste this URL into your reader: