Bugtraq mailing list archives

Re: ssh environment - circumvention of restricted shells


From: Markus Friedl <markus () openbsd org>
Date: Wed, 26 Jun 2002 23:58:44 +0200

On Mon, Jun 24, 2002 at 08:08:12PM -0400, ari wrote:
> Given the similarities with certain other security issues, i'm surprised
> this hasn't been discussed earlier.  If it has, people simply haven't
> paid it enough attention.

if you set up restricted accounts with restricted shells and allow
unrestricted writing to .ssh/** then you are lost.  same
applies to ftp-only accounts where users have full control over
what's in their $HOME.

so for restricted accounts you have to be very careful, don't
allow writing to $HOME, just to some selected sub directories.

-m
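
A check for the condition described in the message above, as an added example that is not part of the original post: it reports whether an account controls its `$HOME` or anything under `.ssh`, counting ownership as control because an owner can restore write permission. The function names and the script name are assumptions.

```python
import os
import stat


def control_reason(st, uid, gids):
    """Why the account (uid, gids) can alter this inode, or None."""
    if st.st_uid == uid:
        return "owned by account (can chmod it back)"
    if st.st_gid in gids:
        return "group-writable" if st.st_mode & stat.S_IWGRP else None
    return "world-writable" if st.st_mode & stat.S_IWOTH else None


def audit_home(home, uid, gids=frozenset()):
    """Return [(path, reason)] for $HOME and everything under .ssh."""
    targets = [home]
    ssh_dir = os.path.join(home, ".ssh")
    if os.path.lexists(ssh_dir):
        targets.append(ssh_dir)
        # Do not descend through a symlinked .ssh; it is reported below.
        if not os.path.islink(ssh_dir):
            for root, dirs, files in os.walk(ssh_dir):
                targets += [os.path.join(root, n) for n in dirs + files]
    findings = []
    for path in targets:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            # Symlink mode bits are meaningless; the target needs review.
            findings.append((path, "symlink, audit its target"))
            continue
        reason = control_reason(st, uid, gids)
        if reason:
            findings.append((path, reason))
    return findings


if __name__ == "__main__":
    # Usage (script name is an assumption): python3 audit_home.py <account>
    import grp
    import pwd
    import sys

    pw = pwd.getpwnam(sys.argv[1])
    groups = {pw.pw_gid}
    groups |= {g.gr_gid for g in grp.getgrall() if pw.pw_name in g.gr_mem}
    results = audit_home(pw.pw_dir, pw.pw_uid, groups)
    for path, reason in results:
        print(f"{path}: {reason}")
    sys.exit(1 if results else 0)
```

An empty result for a restricted account means `$HOME` and `.ssh/**` are owned by someone else and not writable through group or world bits; the selected writable subdirectories are deliberately not audited.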

