this is the proverbal security vs. convenience issue safety unfortunately isn't convenient
Corey W Sheldon Owner, 1st Class Mobile Shine 310.909.7672 www.facebook.com/1stclassmobileshine On Mon, Mar 24, 2014 at 8:21 AM, Florian Weimer <fwei...@redhat.com> wrote: > On 03/24/2014 01:06 PM, Reindl Harald wrote: > > Am 24.03.2014 12:57, schrieb Nicolas Mailhot: >> >>> Le Sam 22 mars 2014 01:20, Miloslav Trmač a écrit : >>> >>> The RHEL documentation, apart from fully describing the abilities, >>>> specifically describes two uses: a ftpd banner >>>> >>> >>> Surprisingly, ftp is still widely used entreprise-side, because ssh is >>> giving too much access >>> >> >> no, it is easy to restrict ssh to ONLY sftp and chroot and with >> simple bind-mounts you can completly replace ftp, doing that here >> in production over years with 3 simple scripts >> > > It's still very difficult to securely process uploaded files under a > different user account. Some SFTP clients set restrictive permissions on > upload, and the OpenSSH implementation does not allow to bypass that. > > -- > Florian Weimer / Red Hat Product Security Team > > -- > devel mailing list > devel@lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/devel > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct >
-- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
