Maybe it's time to get rid of tcpwrappers/tcpd?

Corey Sheldon sheldon.corey at gmail.com
Mon Mar 24 12:47:21 UTC 2014


This is the proverbial security vs. convenience issue; safety unfortunately
isn't convenient.


Corey W Sheldon
Owner, 1st Class Mobile Shine
310.909.7672
www.facebook.com/1stclassmobileshine


On Mon, Mar 24, 2014 at 8:21 AM, Florian Weimer <fweimer at redhat.com> wrote:

> On 03/24/2014 01:06 PM, Reindl Harald wrote:
>
>> On 24.03.2014 12:57, Nicolas Mailhot wrote:
>>
>>> On Sat, 22 March 2014 01:20, Miloslav Trmač wrote:
>>>
>>>> The RHEL documentation, apart from fully describing the abilities,
>>>> specifically describes two uses: a ftpd banner
>>>>
>>>
>>> Surprisingly, ftp is still widely used enterprise-side, because ssh is
>>> giving too much access
>>>
>>
>> no, it is easy to restrict ssh to ONLY sftp and chroot and with
>> simple bind-mounts you can completely replace ftp, doing that here
>> in production over years with 3 simple scripts
>>
>
> It's still very difficult to securely process uploaded files under a
> different user account.  Some SFTP clients set restrictive permissions on
> upload, and the OpenSSH implementation does not allow bypassing that.
>
> --
> Florian Weimer / Red Hat Product Security Team
>