
posted by Fnord666 on Wednesday January 10, @03:01PM
from the practicing-safe-sftp dept.

The SFTP component in OpenSSH provides a chroot feature for hardening. The documentation states that the chroot directory itself must not be writable by the user account, although specific files and subdirectories within it may be. Some people have questioned this read-only restriction. halfdog documents an analysis that came out of discussions on the openssh-dev mailing list, giving some arguments for why these restrictions still make sense in 2018.



  • (Score: 0) by Anonymous Coward on Wednesday January 10, @03:11PM (5 children)

    by Anonymous Coward on Wednesday January 10, @03:11PM (#620481)

    Discussions on a mailing list qualify as news now?

    • (Score: 2) by pkrasimirov on Wednesday January 10, @03:42PM (1 child)

      by pkrasimirov (3358) Subscriber Badge on Wednesday January 10, @03:42PM (#620492)

      Yes, as long as there are valid arguments.

      • (Score: 4, Insightful) by JoeMerchant on Wednesday January 10, @03:54PM

        by JoeMerchant (3937) on Wednesday January 10, @03:54PM (#620494)

        I'd rather catch a good story off of a mailing list once in a while instead of endless parroting of the Reuters feed.

    • (Score: 2) by canopic jug on Wednesday January 10, @04:20PM

      by canopic jug (3949) on Wednesday January 10, @04:20PM (#620502)

      No, but analysis of the issues raised in those discussions is news. The analysis answers a question that comes up regularly in regards to locked-down SFTP sites and actually walks through why and how the restrictions are needed.

      tl;dr: CVE-2009-2904

      --
      Money is not free speech. Elections should not be auctions.
    • (Score: -1, Flamebait) by Anonymous Coward on Wednesday January 10, @04:35PM

      by Anonymous Coward on Wednesday January 10, @04:35PM (#620506)

      Well, how else do you plan on getting news that matters?

      You think the mainstream press is being accurate and honest currently? Are you sure there aren't important viewpoints that the mainstream press is attempting to disappear and wallpaper over because they don't fit the Column A/Column B exclusive divide they're trying to create and box everybody in to?

      Watch for some narrative convergence later this year. We'll learn that not only are all men in tech jobs rich, overpaid misogynists, but that they're all alt-righters, too. And homosexuals. And they use encryption. Only a misogynist who is literally Hitler and homosexual would use encryption. Watch for all these narratives to converge.

      The mainstream press is destroying democracy. Stop letting them.

    • (Score: 2, Offtopic) by realDonaldTrump on Wednesday January 10, @04:41PM

      by realDonaldTrump (6614) Subscriber Badge on Wednesday January 10, @04:41PM (#620509) Homepage Journal

      A lot of our newspapers are turning into cyber sites. The failing Daily News was bought by a cyber site. But you look at those sites, they're mostly about our entertainment & sports celebrities, and the terrible wave of immigration & crime we're suffering through. And sometimes a little bit about cyber, the cyber that regular folks do. These EMAILS are about cyber for cyber people. You can tell because there's no picture. The stories for regular people have a picture of a keyboard, a picture of a Bitcoin, or a picture of the ones and zeros. This one doesn't. Very hard to read, but maybe someone wants to!

      --
      Text TRUMP to 88022 to join the #TrumpTrain [facebook.com]!
  • (Score: 2) by FatPhil on Wednesday January 10, @05:01PM (1 child)

    by FatPhil (863) <{pc-soylent} {at} {asdf.fi}> on Wednesday January 10, @05:01PM (#620515) Homepage

    "The first test focuses on the impact of a writable root in a sftp-only setup. OpenSSH detects that condition and prohibits login to such system per default."

    Stupid setup is protected from harm, good.

    "Therefore a test chroot was created with bin, dev, etc, lib, lib64, proc, tmp, usr and var directories created and world-writable."

    So you deliberately contrived a different stupid setup?

    Why?!?!?!?

    I can create an infinitude of stupid setups that are dangerous, why is this one interesting? Has it been seen in the wild? If not, you're analysing a non-problem.

    And part 2: "As soon as there exists a cooperating process outside the chroot, ..."

    You're fucked already, it's not your machine any more, the chroot is irrelevant.
    --
    The "free" in #freearistarchus is the "free" in "free jazz"
    • (Score: 4, Informative) by Anonymous Coward on Wednesday January 10, @06:54PM

      by Anonymous Coward on Wednesday January 10, @06:54PM (#620565)

      So you deliberately contrived a different stupid setup?

      Yes, a very similar one, just different enough to evade the check.

      Why?!?!?!?

      To demonstrate that such setups are in fact stupid. As TFA says:

      Some people were questioning the read-only restriction. Here should be some arguments, why it still makes sense in 2018.

      I think you've somehow misunderstood the point of this exercise.

      And part 2: "As soon as there exists a cooperating process outside the chroot, ..."

      You're fucked already, it's not your machine any more, the chroot is irrelevant.

      No, it is relevant. He's demonstrating how an unprivileged process within a poorly-configured chroot, combined with an unprivileged process outside the chroot, can allow both processes to gain root privileges.

      Yes, sane people shouldn't need convincing that world-writable chroots are a bad plan. But not everyone is sane, so this guy is demonstrating it for them.
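The story summary above gives the rule (the chroot must not be writable by the user, while chosen subdirectories may be), and the reply just above describes the failure mode when that rule is bent: a writable system-looking directory such as etc or lib inside the chroot. The script below is an added example written for this page; it is not halfdog's test code and not part of OpenSSH. It audits a proposed ChrootDirectory the way sshd_config(5) requires, checking that every path component from / down to the chroot is owned by root and not writable by group or others, and then lists the directories inside the chroot that an unprivileged user could write to, so an administrator can confirm each one is an intended upload area. The fixture directory tree is constructed for the demonstration, and the script assumes a POSIX `find` that understands `-path` and symbolic `-perm` modes (GNU and BSD both do).

```shell
#!/bin/sh
# Constructed ChrootDirectory audit (example for this page, not OpenSSH's own code).
# Rule taken from sshd_config(5): every component of the chroot path must be owned
# by root and not be group- or world-writable; only selected subdirectories below
# the chroot may be writable by the SFTP user.

# Print one problem line for each ancestor component that breaks the sshd rule.
check_chroot_ancestry() {
    p="$1"
    case "$p" in
        /*) ;;
        *) echo "not-absolute: $p"; return 0 ;;
    esac
    while :; do
        # "find DIR -prune <tests>" evaluates the tests on DIR itself without descending.
        [ -n "$(find "$p" -prune ! -user root 2>/dev/null)" ] && echo "not-root-owned: $p"
        [ -n "$(find "$p" -prune -perm -g+w 2>/dev/null)" ] && echo "group-writable: $p"
        [ -n "$(find "$p" -prune -perm -o+w 2>/dev/null)" ] && echo "world-writable: $p"
        [ "$p" = "/" ] && break
        p=$(dirname "$p")
    done
    return 0
}

# Print every directory strictly below the chroot that group or others may write to.
# These are allowed by sshd, but each one should be a deliberate upload area, not
# something a loader or service might trust (etc, lib, dev, bin, ...).
list_writable_dirs() {
    root_dir="$1"
    find "$root_dir" -type d ! -path "$root_dir" \( -perm -g+w -o -perm -o+w \) 2>/dev/null | sort
}

# Full report on stdout; exit status 1 when anything was flagged.
audit_chroot() {
    root_dir="$1"
    problems=$(check_chroot_ancestry "$root_dir")
    writable=$(list_writable_dirs "$root_dir")
    [ -n "$problems" ] && printf 'Rejected by the sshd ownership/mode rule:\n%s\n' "$problems"
    [ -n "$writable" ] && printf 'Writable directories inside the chroot (confirm each is intended):\n%s\n' "$writable"
    [ -z "$problems" ] && [ -z "$writable" ]
}

# Constructed fixture: a chroot that can only be reached through a world-writable
# directory, with world-writable etc/ and lib/ inside it and one intended upload dir.
build_fixture() {
    base=$(mktemp -d)
    mkdir -p "$base/www/chroot/etc" "$base/www/chroot/lib" \
             "$base/www/chroot/upload" "$base/www/chroot/readonly"
    chmod 777 "$base/www"                                   # bad: writable component above the chroot
    chmod 755 "$base/www/chroot"                            # the chroot directory itself is fine
    chmod 777 "$base/www/chroot/etc" "$base/www/chroot/lib" # bad: system-looking dirs writable
    chmod 775 "$base/www/chroot/upload"                     # intended group-writable upload area
    chmod 755 "$base/www/chroot/readonly"
    printf '%s\n' "$base"
}

if [ "$#" -gt 0 ]; then
    # Usage: ./chroot_audit.sh /srv/sftp/alice
    audit_chroot "$1"
else
    base=$(build_fixture)
    audit_chroot "$base/www/chroot" || echo "audit flagged the constructed fixture, as expected"
    rm -rf "$base"
fi
```

Run with no arguments to see the report for the constructed fixture, or pass a real ChrootDirectory path. Ownership lines will also appear for the fixture unless the script runs as root, since the temporary tree is owned by whoever created it; that is exactly what sshd would object to.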
