<div dir="ltr">this is the proverbal security vs. convenience issue safety unfortunately isn't convenient<div> </div></div><div class="gmail_extra"><br clear="all"><div><div dir="ltr">Corey W Sheldon<br>Owner, 1st Class Mobile Shine<div>
</div><div>310.909.7672</div><div><a href="http://www.facebook.com/1stclassmobileshine" target="_blank">www.facebook.com/1stclassmobileshine</a></div></div></div>
<br><br><div class="gmail_quote">On Mon, Mar 24, 2014 at 8:21 AM, Florian Weimer <span dir="ltr"><<a href="mailto:fweimer@redhat.com" target="_blank">fweimer@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="">On 03/24/2014 01:06 PM, Reindl Harald wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Am <a href="tel:24.03.2014%2012" value="+12403201412" target="_blank">24.03.2014 12</a>:57, schrieb Nicolas Mailhot:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Le Sam 22 mars 2014 01:20, Miloslav Trmač a écrit :<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
The RHEL documentation, apart from fully describing the abilities,<br>
specifically describes two uses: a ftpd banner<br>
</blockquote>
<br>
Surprisingly, ftp is still widely used entreprise-side, because ssh is<br>
giving too much access<br>
</blockquote>
<br>
no, it is easy to restrict ssh to ONLY sftp and chroot and with<br>
simple bind-mounts you can completly replace ftp, doing that here<br>
in production over years with 3 simple scripts<br>
</blockquote>
<br></div>
It's still very difficult to securely process uploaded files under a different user account. Some SFTP clients set restrictive permissions on upload, and the OpenSSH implementation does not allow to bypass that.<span class="HOEnZb"><font color="#888888"><br>
<br>
-- <br>
Florian Weimer / Red Hat Product Security Team</font></span><div class="HOEnZb"><div class="h5"><br>
-- <br>
devel mailing list<br>
<a href="mailto:devel@lists.fedoraproject.org" target="_blank">devel@lists.fedoraproject.org</a><br>
<a href="https://admin.fedoraproject.org/mailman/listinfo/devel" target="_blank">https://admin.fedoraproject.<u></u>org/mailman/listinfo/devel</a><br>
Fedora Code of Conduct: <a href="http://fedoraproject.org/code-of-conduct" target="_blank">http://fedoraproject.org/code-<u></u>of-conduct</a></div></div></blockquote></div><br></div>