[Wlug] ssh-dummy-shell for OpenSSH???

Charles R. Anderson cra@WPI.EDU
Sat, 8 Feb 2003 22:04:17 -0500


Be careful.  OpenSSH has some features that could compromise your
security.  It lets the user set environment variables when the user
connects.  A user could upload a library and override C Library
functions with LD_PRELOAD to execute whatever they want.

There are a couple sftp-only shells that were designed to handle being
used in the manner you want, but they caution you to disable the rc
features in sshd_config or take other security precautions:

http://www.pizzashack.org/rssh/security.shtml

On Sat, Feb 08, 2003 at 03:51:38AM -0500, Brian K. White wrote:
brian> I have sort-of got this by setting the shell to sftp-server.
brian> bizarre, I know, but it works, and a copy of /bin/true does not.
brian> 
brian> in both the real and chroot'ed /etc/passwd's I set the shell to the full
brian> path to sftp-server, and sftp works, ssh does not.
brian> 
brian> ssh actually connects and will sit there until you type something, but
brian> as soon as you type anything sftp-server says "what is this rubbish?"
brian> and promptly hangs up on you.
brian> 
brian> I don't have any real shell, or any other binary besides sftp-server in
brian> my chroot tree, and even though users can upload their own, they cannot
brian> execute it because their shell is only sftp-server, which is not a shell
brian> and cannot execute anything. I hope it doesn't have any cases where it
brian> could execute any external program like ls (I know it doesn't need ls
brian> specifically, just as an example the way ftpd often uses a ls binary in
brian> the chroot path). otherwise a person might be able to upload a shell
brian> named <whatever sftp-server might exec>
brian> 
brian> this is OpenSSH 3.5p1 with chroot patch, on SCO Open Server 5.0.6

-- 
Charles R. Anderson <cra@wpi.edu> / http://angus.ind.wpi.edu/~cra/
PGP Key ID: 49BB5886
Fingerprint: EBA3 A106 7C93 FA07 8E15  3AC2 C367 A0F9 49BB 5886
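
Added example, not part of the original message and not code from OpenSSH or rssh: a defensive audit for the settings the message warns about, flagging sshd_config options and per-user ~/.ssh files that let a restricted account set environment variables or run commands at login. It assumes an OpenSSH release that has the PermitUserRC keyword (newer than the 3.5p1 in the thread); the sample config, key line, paths and function names are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Constructed sshd_config fragment, not taken from a real host.
SAMPLE_SSHD_CONFIG = """\
Subsystem sftp /usr/libexec/sftp-server
PermitUserEnvironment yes
"""
# authorized_keys option of the form environment="NAME=value"
ENV_OPTION = re.compile(r'(?:^|,)environment="([A-Za-z_][A-Za-z0-9_]*)=', re.I)

def sshd_findings(config_text):
    """Flag global sshd_config settings that let a user shape the login environment."""
    seen = {}
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if not parts:
            continue
        if parts[0].lower() == "match":   # audit the global section only
            break
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        seen.setdefault(parts[0].lower(), value)   # sshd uses the first value it reads
    findings = []
    if seen.get("permituserenvironment", "no") != "no":   # default is no
        findings.append("PermitUserEnvironment is enabled")
    if seen.get("permituserrc", "yes") != "no":           # default is yes
        findings.append("PermitUserRC is not set to no")
    return findings

def account_findings(home):
    """Flag files under <home>/.ssh that set variables or run commands at login."""
    ssh_dir = Path(home, ".ssh")
    findings = [f"~/.ssh/{n} exists" for n in ("environment", "rc") if (ssh_dir / n).exists()]
    keys = ssh_dir / "authorized_keys"
    lines = keys.read_text(errors="replace").splitlines() if keys.is_file() else []
    for lineno, line in enumerate(lines, 1):
        m = ENV_OPTION.search(line.strip())
        if m and not line.lstrip().startswith("#"):
            findings.append(f"authorized_keys:{lineno} sets {m.group(1)}")
    return findings

def demo():
    with tempfile.TemporaryDirectory() as home:   # constructed home directory
        ssh_dir = Path(home, ".ssh")
        ssh_dir.mkdir()
        (ssh_dir / "environment").write_text("NAME=value\n")
        (ssh_dir / "authorized_keys").write_text('environment="LD_PRELOAD=/home/user/lib.so" ssh-rsa AAAA-constructed u@h\n')
        return sshd_findings(SAMPLE_SSHD_CONFIG), account_findings(home)
```

On an sftp-only account the user can upload into their own ~/.ssh, so the per-account check is worth repeating over time rather than running once at setup.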