Re: ssh+svn vs. bash security bug?

From: Stefan Sperling <stsp_at_elego.de>
Date: Thu, 25 Sep 2014 11:08:31 +0300

On Wed, Sep 24, 2014 at 07:30:57PM -0400, Nico Kadel-Garcia wrote:
> Setting up a chroot for Subversion for just this purpose gets...
> potentially adventuresome. The maintainers of OpenSSH have generically
> refused to support chroot changes, so it's a bit awkward to even set
> up. Various folks have published patches or integration kits to
> support genuine chroot cages: heck, even I used to publish patches for
> OpenSSH to provide them.

I have to admit that while I did successfully chroot svnserve with
svn:// once, I've never tried to chroot svn+ssh://

But I'd be surprised if OpenSSH was making this difficult.
The ChrootDirectory configuration option of OpenSSH won't do?
If so, why not?

Upgrading bash is a better solution to this particular problem,
of course, but using a chroot containing the minimum components
could still be a good idea in general.
Received on 2014-09-25 10:09:15 CEST

This message: [ Message body ]
Next message: Grierson, David: "RE: Data Commit Limit in SVN V1.8.9 !!!"
Previous message: Nico Kadel-Garcia: "Re: ssh+svn vs. bash security bug?"
In reply to: Nico Kadel-Garcia: "Re: ssh+svn vs. bash security bug?"
Next in thread: Bert Huijben: "RE: ssh+svn vs. bash security bug?"
Reply: Bert Huijben: "RE: ssh+svn vs. bash security bug?"
Reply: Nico Kadel-Garcia: "Re: ssh+svn vs. bash security bug?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]