AW: Answers of using SCP
I talked about a sick and fast way....nevermind. Of course you also
start sshd change rooted, so if the user logins he can't do anything
interesting. (Yes, except he knows an local root exploit...)
> From: Boris [mailto:Boris@spletzone.com]
>
> User can easily escape to shell with a few quick CTRL+C
> keystrokes. So this
> won't stop any clueful user.
first, you could deactivate ctrl-c and second you have to got an
accoustic coupler and and 486 at the other side to get strg-c sended at
the right time, but then you also can whistle to exploit that.... ;-)
<snip>
> You're better off disallowing connects except using publickey
> authentication, and specifying the command /usr/lib/sftp-server as the
> only command that key is authorized to run. I think that should work,
> though I haven't tried it.
IMHO this combined with a change rooted file system would be a nice
solution for that...
Reply to: