1 (edited by briancanfixit 2013-11-14 10:46:15)

Topic: links are followed - centos 6.4

I'm using centos 6.4 bound to active directory, logging in as a domain user.
I get the MySecureShell shell, but if I connect from my Windows system using WinSCP and create a link to /etc, then I can use that link to traverse the file system.


I'm using a fairly standard install:

# /bin/MySecureShell --version
MySecureShell is version 1.31 build on Feb 24 2013

# cat /etc/*release*
CentOS release 6.4 (Final)

# cat /etc/ssh/sftp_config
## MySecureShell Configuration File ##
#Default rules for everybody
<Default>
        GlobalDownload          500k    #total speed download for all clients
                                        # o -> bytes   k -> kilo bytes   m -> mega bytes
        GlobalUpload            0       #total speed download for all clients (0 for unlimited)
        Download                5k      #limit speed download for each connection
        Upload                  0       #unlimit speed upload for each connection
        StayAtHome              true    #limit client to his home
        VirtualChroot           true    #fake a chroot to the home account
        LimitConnection         50      #max connection for the server sftp
        LimitConnectionByUser   1       #max connection for the account
        LimitConnectionByIP     2       #max connection by ip for the account
        Home                    /home/$USER     #overrite home of the user but if you want you can use
                                                #       environment variable (ie: Home /home/$USER)
        IdleTimeOut             5m      #(in second) deconnect client is idle too long time
        ResolveIP               true    #resolve ip to dns
        IgnoreHidden            true    #treat all hidden files as if they don't exist
#       DirFakeUser             true    #Hide real file/directory owner (just change displayed permissions)
#       DirFakeGroup            true    #Hide real file/directory group (just change displayed permissions)
#       DirFakeMode             0400    #Hide real file/directory rights (just change displayed permissions)
                                        #Add execution right for directory if read right is set
        HideNoAccess            true    #Hide file/directory which user has no access
#       MaxOpenFilesForUser     20      #limit user to open x files on same time
#       MaxWriteFilesForUser    10      #limit user to x upload on same time
#       MaxReadFilesForUser     10      #limit user to x download on same time
        DefaultRights           0640 0750       #Set default rights for new file and new directory
#       MinimumRights           0400 0700       #Set minimum rights for files and dirs

        ShowLinksAsLinks        false   #show links as their destinations
#       ConnectionMaxLife       1d      #limits connection lifetime to 1 day

#       Charset                 "ISO-8859-15"   #set charset of computer
</Default>

...
everything else in the config file is commented off.



# sftp-who -v
--- 1 / 50 clients ---
Global used bandwith : 0 bytes/s / 0 bytes/s
PID: 1758   Name: brianadmin   IP: usercomputer.somecompany.com
        Home: /home/brianadmin
        Options:  StayAtHome VirtualChroot ResolveIp IgnoreHidden HideNoAccess
        Status: idle [since 02mins 53s]   Path: /test
        File:
        Connected: 2013/11/14 01:38:19 [since 04mins 53s]
        Speed: Download: 0 bytes/s [5.00 kbytes/s]  Upload: 0 bytes/s [unlimited]
        Total: Download: 2918 bytes   Upload: 725 bytes
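
A defender-side check to go with this report, added here and not part of the original post or of MySecureShell itself: a POSIX shell function that walks an SFTP user's home and lists every symlink whose fully resolved target lies outside that home, which is exactly how a link to /etc created over SFTP would show up. It assumes GNU `readlink -f` and `find` (both present on CentOS 6); the function name and the home path in the usage line are my own choices.

```shell
#!/bin/sh
# Added example, not from the thread: report symlinks inside an SFTP home
# that resolve to a path outside that home (assumes GNU coreutils).

find_escaping_links() {
    # canonicalise the home so that a symlinked /home or /tmp compares equal
    home=$(readlink -f "$1") || return 2

    # every symlink below the home, each resolved to its final target
    find "$home" -type l 2>/dev/null | while IFS= read -r link; do
        target=$(readlink -f "$link" 2>/dev/null) || target="(unresolvable)"
        case "$target" in
            "$home"|"$home"/*) ;;   # target stays inside the home: fine
            *) printf '%s -> %s\n' "$link" "$target" ;;   # escapes the home
        esac
    done
}

# Usage: sh check_links.sh /home/brianadmin
if [ "$#" -gt 0 ]; then
    find_escaping_links "$1"
fi
```

Run it against each home under the configured Home prefix; any line it prints is a link that VirtualChroot/StayAtHome alone will not contain once it is followed, so it is worth removing or disallowing symlink creation for that account.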

Re: links are followed - centos 6.4

Hi,


You can add the line "DisableSymLink true" to disable symlinks before the patch :)