Proposal to deprecate and remove the SCP protocol from Fedora

Jakub Jelen (a Red Hat security engineer) has proposed that the SCP protocol be classified as deprecated, with a view to removing it later. SCP is built on the same concept as RCP and carries architectural design problems that are a potential source of vulnerabilities.

In particular, in both SCP and RCP the server decides which files and directories are sent to the client; the client follows the server's instructions and only checks that the names of the returned objects are correct.

When connecting to a server controlled by an attacker, the server can send other files, which has already led to vulnerabilities.

For example, until recently the client only checked the current directory, but did not take into account that the server could send a file under a different name and write files that were never requested (for instance, instead of the requested "test.txt", the server could send a file called ".bashrc" and the client would write it).
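The client-side check that closes this hole is worth seeing in code. In the SCP protocol the server announces each file with a control line of the form `C<mode> <size> <name>` and the client writes the bytes that follow under that name, so a client that trusts the announced name will write whatever the server chooses. The example below is added here and is not OpenSSH's code or part of the Fedora proposal: it parses such a control line and accepts the file only if the announced name is a bare file name that matches one of the names or glob patterns the client itself requested. It generalises the "test.txt" case above to glob requests, and is stricter than a plain glob in that a hidden file is accepted only when the client explicitly asked for a dotfile. The function names and the sample control lines are constructed for the illustration.

```python
from __future__ import annotations

import fnmatch
import re

# An SCP "C" control line announces one file: C<mode> <size> <name>,
# e.g. "C0644 12 test.txt". The file's bytes follow the line.
_CONTROL_RE = re.compile(r"^C([0-7]{4}) (\d+) (.+)$")


def parse_control_line(line: str) -> tuple[int, int, str]:
    """Parse 'C0644 12 test.txt' into (mode, size, name); ValueError if malformed."""
    m = _CONTROL_RE.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError(f"malformed SCP control line: {line!r}")
    return int(m.group(1), 8), int(m.group(2)), m.group(3)


def is_safe_name(name: str, requested: set[str]) -> bool:
    """Accept an announced name only if it is a bare file name that matches
    one of the names or glob patterns the client itself asked for.

    Rejected outright: empty names, embedded NUL/CR/LF, any path separator,
    "." and "..". Hidden files are accepted only when the client explicitly
    asked for a dotfile (a plain "*" would otherwise match ".bashrc").
    """
    if not name or any(c in name for c in "\0\r\n"):
        return False
    if "/" in name or name in (".", ".."):
        return False
    if name.startswith(".") and not any(p.startswith(".") for p in requested):
        return False
    return any(fnmatch.fnmatchcase(name, p) for p in requested)


def check_server_announcement(line: str, requested: set[str]) -> str:
    """Return the accepted name, or raise PermissionError if the server tried
    to substitute a file the client never requested."""
    _mode, _size, name = parse_control_line(line)
    if not is_safe_name(name, requested):
        raise PermissionError(f"server announced unrequested or unsafe name {name!r}")
    return name


if __name__ == "__main__":
    wanted = {"test.txt"}
    # Constructed control lines: the requested file, then two substitutions
    # a hostile server might attempt.
    for sample in ("C0644 12 test.txt",
                   "C0644 40 .bashrc",
                   "C0644 40 ../elsewhere.txt"):
        try:
            print("accept:", check_server_announcement(sample, wanted))
        except PermissionError as exc:
            print("reject:", exc)
```

Matching against the client's own request, rather than only sanity-checking the name the server sends, is the part that was missing in the older behaviour described above: the server can still choose what to send, but the client only writes what it asked for.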

In the announcement published by Jakub Jelen, you can read the following:

Hello Fedora users! In recent years there have been several problems in the SCP protocol, which led us to discuss how we could remove it in the first place.

Most voices said that they use SCP mostly for simple ad-hoc file copies, because the sftp tool does not have such a simple interface for copying one or two files back and forth, and because people are simply used to typing scp rather than sftp.

Another problem with the SCP protocol is argument handling.

It is noted that when copying files to a remote server, the file path is appended to the end of the scp command run locally; for example, running the command «scp /sourcefile remoteserver:'`touch /tmp/exploit.sh` /targetfile'» executes the command «touch /tmp/exploit.sh» on the server and creates the file /tmp/exploit.sh, so it is important to escape characters correctly in scp.

When scp is used to recursively copy the contents of directories (the "-r" option) on a file system that allows the '`' character in file names, an attacker can create files containing that character and cause their code to be executed.

In OpenSSH this problem remains unresolved, since it is hard to fix without breaking backward compatibility, for example by running commands to check that the source directory exists before copying.
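The practical mitigation on the client side is the correct escaping the text calls for: the remote path must reach the remote login shell already single-quoted, and a recursive copy should be refused while the tree contains names a shell would interpret. The example below is added here and is not part of OpenSSH or of the Fedora proposal; the function names are constructed for the illustration. It builds an argv list for scp (meant for `subprocess.run` without `shell=True`, so the local shell never sees it) with the remote path quoted by `shlex.quote`, and it provides a pre-flight scan that lists every entry under a directory whose name contains shell metacharacters before that directory is handed to `scp -r`.

```python
from __future__ import annotations

import os
import shlex

# Characters a POSIX shell interprets in an unquoted word. Backtick and "$("
# are the ones that turn a file name into command execution.
SHELL_META = frozenset("`$\\\"'|&;<>()*?[]{}~!#\n\t ")


def has_shell_metachar(name: str) -> bool:
    """True if a shell would treat any character of this name specially."""
    return any(ch in SHELL_META for ch in name)


def quote_remote_path(path: str) -> str:
    """Quote a remote path so the remote login shell receives it literally.

    scp passes the remote path through the remote user's shell; a backtick in
    it is executed there. shlex.quote wraps the path in single quotes (escaping
    any embedded single quote), which stops every expansion and substitution.
    Paths made only of safe characters are returned unchanged.
    """
    return shlex.quote(path)


def build_scp_argv(local_src: str, host: str, remote_dst: str,
                   recursive: bool = False) -> list[str]:
    """Build an argv list for scp, to be run via subprocess without shell=True."""
    argv = ["scp"]
    if recursive:
        argv.append("-r")
    argv += [local_src, f"{host}:{quote_remote_path(remote_dst)}"]
    return argv


def filter_unsafe_names(names: list[str]) -> list[str]:
    """Return, in order, the names that contain shell metacharacters."""
    return [n for n in names if has_shell_metachar(n)]


def scan_tree_for_unsafe_names(root: str) -> list[str]:
    """Pre-flight check before `scp -r`: list every path under root whose
    basename a shell would interpret, so the copy can be refused or the
    names renamed first."""
    found: list[str] = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in filter_unsafe_names(sorted(dirnames + filenames)):
            found.append(os.path.join(dirpath, name))
    return found


if __name__ == "__main__":
    # Constructed destination: a file name containing a space and backticks.
    print(build_scp_argv("/sourcefile", "remoteserver", "notes `draft`.txt"))
    # Constructed directory listing, as os.walk might return it.
    print(filter_unsafe_names(["report.txt", "build `date`.log", "a;b", "ok-2024"]))
```

The quoting only protects the path the local side supplies; it does nothing for names the server announces during a transfer, which is why the recursive case above is handled by refusing to copy rather than by escaping.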

Previous discussions showed that scp is mostly used to copy files from one system to another.

However, many users use scp instead of sftp because of its simpler and more obvious interface for copying files, or just out of habit. Jakub proposes either to stop using the scp utility as it stands and switch it to the SFTP protocol (for special cases the utility would offer a "-M scp" option to fall back to the SCP protocol), or to add a compatibility mode to the sftp utility that lets sftp be used as a transparent replacement for scp.

A few months ago I wrote a patch for scp to use SFTP internally (with the possibility of switching back with -M scp) and ran it through some tests.

The idea in general seems to be working quite well, so I would like to hear from our users too. It still has some limitations (missing features, it will not work if the server does not run the sftp subsystem, ...), but it should be good enough for the most common use cases.

Among the limitations of the proposed approach, the inability to exchange files with servers that do not have the sftp subsystem enabled is mentioned, as well as the lack of transfers between two remote hosts routed through the local host (the "-3" mode). Some users also noted that SFTP is slightly behind SCP in bandwidth, which is most noticeable on poor connections with high latency.

For testing, a variant of the openssh package has been placed in a copr repository, patched with the implementation of the scp utility over the SFTP protocol.

Source: https://lists.fedoraproject.org/

