
Re: [cobalt-security] SFTP on Raq4 as Root?



At 03:23 PM 8/2/01 -0400, baltimoremd@xxxxxxxxxxxxxxx wrote:
>On Thu, 2 Aug 2001, Carrie Bartkowiak wrote:
>
>> no reason why you should allow this. You can transfer files as admin 
>> and then chown them to root without compromising your security in 
>> such a heinous manner.
>
>That works uploading...what about downloading??

You have at least two options.  One, if the file is readable only by root
(certain log files come to mind), you might want to chgrp the file to the
'wheel' group (of which root and admin are members by default, at least on
my RaQ 3) and 'chmod g+r' the file.  To protect against the case where a
process running as 'admin' has a hole in it (say, a suEXEC CGI script), you
could create a new user and group, give the user membership in the group,
chgrp the file to this new group, then do the 'chmod g+r'.  The ext2
filesystem's file permissions are fun!

If that went over your head, you can also do the reverse of the previous
poster's suggestion when downloading -- log in as root, copy the file
somewhere admin can get to it, then download it as admin.

--------------------------------------------------------------------------
Ted Behling, Web Application Developer - Monarch Information Systems, Inc.

43 Folly Field Road, Unit 4, Hilton Head Island, SC 29928-5434
E-mail: mailto:TBehling@xxxxxxxxxxxxx
Phone/Fax: 1-800-842-7894    Local or Outside the USA: 1-843-842-7894
Cell Phone (urgent issues): 843-816-7895
Cell Phone E-mail: mailto:TedPhone@xxxxxxxxxxxxx (116 letter limit)
Web site: http://www.MonarchIS.net
--------------------------------------------------------------------------
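The dedicated-group approach from the reply above, as an added example that is not part of the original post: one function applies the chgrp and 'chmod g+r' steps, and a second audits that the file exposes nothing more than group read. The group name "logread", the user name "fetcher" and both function names are hypothetical; GNU stat is assumed.

```shell
#!/bin/sh
# Added example. "logread" and "fetcher" are hypothetical names.
# One-time setup, run as root (shown as comments because it needs root):
#   groupadd logread
#   useradd -g logread fetcher

# Apply the two steps from the post: chgrp to the dedicated group, chmod g+r.
grant_group_read() {    # usage: grant_group_read FILE GROUP
    if [ -L "$1" ] || [ ! -f "$1" ]; then
        echo "refusing: $1 is not a regular file" >&2   # do not follow symlinks
        return 2
    fi
    chgrp -- "$2" "$1" && chmod -- g+r "$1"
}

# Confirm the file exposes exactly what was intended: the expected gid owns it,
# group may read but not write or execute, and "other" has no access at all.
audit_group_read() {    # usage: audit_group_read FILE GID
    mode=$(stat -c %a -- "$1") || return 2
    gid=$(stat -c %g -- "$1") || return 2
    bits=$((0$mode))    # leading 0 makes the shell parse the mode as octal
    rc=0
    [ "$gid" = "$2" ] || { echo "$1: gid $gid, expected $2" >&2; rc=1; }
    [ $(( (bits >> 3) & 4 )) -ne 0 ] || { echo "$1: group cannot read" >&2; rc=1; }
    [ $(( (bits >> 3) & 3 )) -eq 0 ] || { echo "$1: group can write or execute" >&2; rc=1; }
    [ $(( bits & 7 )) -eq 0 ] || { echo "$1: accessible to other (mode $mode)" >&2; rc=1; }
    return $rc
}

# Demo on a constructed temp file, using the caller's own primary gid so that
# no root access is needed; on a real system pass the dedicated group instead.
demo=$(mktemp) &&
    grant_group_read "$demo" "$(id -g)" &&
    audit_group_read "$demo" "$(id -g)" &&
    echo "ok: mode $(stat -c %a -- "$demo")"
rm -f "$demo"
```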