This is the proverbial security vs. convenience issue; safety unfortunately
isn't convenient.
Corey W Sheldon
Owner, 1st Class Mobile Shine
310.909.7672
www.facebook.com/1stclassmobileshine
On Mon, Mar 24, 2014 at 8:21 AM, Florian Weimer <fweimer(a)redhat.com> wrote:
On 03/24/2014 01:06 PM, Reindl Harald wrote:
On 24.03.2014 12:57, Nicolas Mailhot wrote:
>
>> On Sat, 22 March 2014 01:20, Miloslav Trmač wrote:
>>
>> The RHEL documentation, apart from fully describing the abilities,
>>> specifically describes two uses: a ftpd banner
>>>
>>
>> Surprisingly, ftp is still widely used enterprise-side, because ssh is
>> giving too much access
>>
>
> no, it is easy to restrict ssh to ONLY sftp and chroot and with
> simple bind-mounts you can completely replace ftp, doing that here
> in production over years with 3 simple scripts
>
It's still very difficult to securely process uploaded files under a
different user account. Some SFTP clients set restrictive permissions on
upload, and the OpenSSH implementation does not allow bypassing that.
--
Florian Weimer / Red Hat Product Security Team
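
The SFTP-only, chrooted setup mentioned in the thread can be expressed in sshd_config roughly as follows. This is an added example, not configuration posted by anyone in the thread; the group name sftponly and the /srv/sftp path are assumptions.

```conf
# /etc/ssh/sshd_config (fragment)
# Added example: group name "sftponly" and the /srv/sftp path are assumptions.

# Use the in-process SFTP server so the chroot needs no binaries or libraries.
# This replaces any existing "Subsystem sftp ..." line.
Subsystem sftp internal-sftp

Match Group sftponly
    # The chroot target and every parent directory must be owned by root and
    # not writable by group or other, otherwise sshd refuses the session.
    # Uploads therefore go into a user-writable subdirectory below it.
    ChrootDirectory /srv/sftp/%u

    # Ignore whatever command the client requests and serve SFTP only.
    # -u sets the umask applied to newly created files. A umask can only
    # clear permission bits, so a client that requests restrictive modes
    # on upload still ends up with files other accounts cannot read.
    ForceCommand internal-sftp -u 0027

    # Close the other channels an SSH login would normally provide.
    AllowTcpForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no
```

Validate the file with `sshd -t` before reloading the daemon.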