Maybe it's time to get rid of tcpwrappers/tcpd?
Florian Weimer
fweimer at redhat.com
Mon Mar 24 12:26:24 UTC 2014
On 03/24/2014 01:23 PM, Reindl Harald wrote:
>> It's still very difficult to securely process uploaded files under a different user account. Some SFTP clients set
>> restrictive permissions on upload, and the OpenSSH implementation does not allow to bypass that.
>
> man umask
>
> [root at rh:/downloads]$ cat /etc/ssh/sshd_config | grep internal-sftp
> Subsystem sftp internal-sftp -u 006
umask doesn't apply to explicit chmod.
--
Florian Weimer / Red Hat Product Security Team
More information about the devel
mailing list