SoylentNews is people

posted by Fnord666 on Wednesday January 10 2018, @03:01PM
from the practicing-safe-sftp dept.

The SFTP component in OpenSSH provides a chroot feature for hardening. It is stated in the documentation that the chroot directory must not be writable by the user account, though specific files and subdirectories within it are allowed. Some people were questioning the read-only restriction. halfdog documents some analysis which is the result of discussions on the openssh-dev mailing list. Here are some arguments about why these restrictions still make sense in 2018.
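
An added example, not part of the original story or of OpenSSH: a Python audit of the rule that sshd_config(5) documents for ChrootDirectory, namely that every component of the path must be a root-owned directory that is not writable by group or others. The function name, the `/srv/sftp/...` layout and the uids are constructed for illustration.

```python
import os
import stat
from pathlib import PurePosixPath
from types import SimpleNamespace


def audit_chroot_path(path, stat_fn=os.stat):
    """Return (component, problem) pairs for each path component that is not
    a directory, not owned by uid 0, or writable by group or others."""
    problems = []
    target = PurePosixPath(path)
    if not target.is_absolute():
        return [(str(target), "not an absolute path")]
    # Walk from "/" down to the chroot directory itself.
    for comp in [*reversed(target.parents), target]:
        try:
            st = stat_fn(str(comp))
        except OSError as exc:
            problems.append((str(comp), f"cannot stat: {exc}"))
            break  # deeper components cannot be checked either
        if not stat.S_ISDIR(st.st_mode):
            problems.append((str(comp), "not a directory"))
        if st.st_uid != 0:
            problems.append((str(comp), f"owned by uid {st.st_uid}, not root"))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append((str(comp), "writable by group or others"))
    return problems


# Constructed sample layout (not from a real host): path -> (mode, uid).
SAMPLE = {
    "/": (0o40755, 0),
    "/srv": (0o40755, 0),
    "/srv/sftp": (0o40755, 0),
    "/srv/sftp/alice": (0o40755, 1001),       # chroot owned by the user
    "/srv/sftp/bob": (0o40755, 0),            # root-owned, not writable by bob
    "/srv/sftp/bob/upload": (0o40750, 1002),  # user-owned subdirectory inside
    "/srv/sftp/carol": (0o40775, 0),          # root-owned but group-writable
}


def sample_stat(path):
    """Stand-in for os.stat that answers from the constructed layout."""
    if path not in SAMPLE:
        raise FileNotFoundError(path)
    mode, uid = SAMPLE[path]
    return SimpleNamespace(st_mode=mode, st_uid=uid)


if __name__ == "__main__":
    for chroot in ("/srv/sftp/alice", "/srv/sftp/bob", "/srv/sftp/carol"):
        print(chroot, audit_chroot_path(chroot, sample_stat) or "ok")
```

On a real host, call `audit_chroot_path()` with the default `os.stat` and the directory named in `ChrootDirectory`; the user-owned `upload` subdirectory in the sample is the kind of writable location the documentation allows inside the chroot.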


  • (Score: 2) by canopic jug on Wednesday January 10 2018, @04:20PM


    No, but analysis of the issues raised in those discussions is news. The analysis answers a question that comes up regularly in regards to locked-down SFTP sites and actually walks through why and how the restrictions are needed.

    tldr; CVE 2009-2904

    --
    Money is not free speech. Elections should not be auctions.