Maybe it's time to get rid of tcpwrappers/tcpd?
Reindl Harald
h.reindl at thelounge.net
Mon Mar 24 12:37:31 UTC 2014
On 24.03.2014 13:26, Florian Weimer wrote:
> On 03/24/2014 01:23 PM, Reindl Harald wrote:
>
>>> It's still very difficult to securely process uploaded files under a different user account. Some SFTP clients set
>>> restrictive permissions on upload, and the OpenSSH implementation does not allow bypassing that.
>>
>> man umask
>>
>> [root at rh:/downloads]$ cat /etc/ssh/sshd_config | grep internal-sftp
>> Subsystem sftp internal-sftp -u 006
>
> umask doesn't apply to explicit chmod
Besides that, we are getting way too off-topic, and my first reply was in the context
of "because ssh is giving too much access", which is a wrong anecdote:
fine, the same applies to samba, ftp and any other file transfer protocol.
If you want 100% defined permissions you need to use inotify and handmade
daemons in any case, because the client can always fire a chmod on files
he owns.
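The point argued in this exchange, as an added Python sketch that is not part of the original message: a umask such as the one set by `internal-sftp -u 006` shapes the mode at file creation, but an explicit chmod sent afterwards ignores it, so permissions have to be re-asserted on the server. The file names, the 0660 target mode and the helpers `simulate_upload` and `enforce_mode` are assumptions made for illustration; a daemon of the kind mentioned above would run the same fix on inotify events rather than as a sweep.

```python
import os
import stat
import tempfile

WANTED = 0o660  # assumed target mode: a 0666 create request under umask 006

def simulate_upload(directory, name, client_chmod=None):
    """Create a file under umask 006, then apply the client's explicit chmod."""
    old = os.umask(0o006)
    try:
        path = os.path.join(directory, name)
        os.close(os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o666))
    finally:
        os.umask(old)
    if client_chmod is not None:
        os.chmod(path, client_chmod)  # the umask is not consulted for chmod
    return path

def mode_of(path):
    return stat.S_IMODE(os.lstat(path).st_mode)

def enforce_mode(root, wanted=WANTED):
    """Reset every regular file under root to `wanted`; return the paths fixed."""
    fixed = []
    for dirpath, _dirs, files in os.walk(root):  # does not descend into symlinked dirs
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                # O_NOFOLLOW: never chmod through a symlink planted by the uploader
                fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
            except OSError:
                continue  # symlink, vanished file, or unreadable entry
            try:
                st = os.fstat(fd)  # check and change the same inode via the fd
                if stat.S_ISREG(st.st_mode) and stat.S_IMODE(st.st_mode) != wanted:
                    os.fchmod(fd, wanted)
                    fixed.append(path)
            finally:
                os.close(fd)
    return fixed

def demo():
    with tempfile.TemporaryDirectory() as root:  # constructed sample uploads
        plain = simulate_upload(root, "plain.bin")
        tight = simulate_upload(root, "tight.bin", client_chmod=0o600)
        before = (mode_of(plain), mode_of(tight))
        fixed = [os.path.basename(p) for p in enforce_mode(root)]
        return before, fixed, (mode_of(plain), mode_of(tight))

if __name__ == "__main__":
    print(demo())
```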