The socket creation code in fshd was not paranoid enough. There
are at least two possible attacks:
- If a malicious user has symlinked /tmp/fshd-<UID> to another
file, fshd will chmod 0700 that file.
- A race condition made it possible for an attacker to create an
unsafe socket directory, so that the attacker can access an
fshd tunnel.
The attacker must already have a local shell on the computer where
fsh or fshd is invoked.
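
An added example, not fsh's own code and not its actual fix, showing one way to create a per-user socket directory that avoids both problems above. The names safe_socket_dir, UnsafeSocketDir, check and demo are hypothetical, the scenarios are constructed in scratch directories, and the approach assumes the parent directory has the sticky bit set, as /tmp normally does.

```python
import os
import stat
import tempfile

class UnsafeSocketDir(Exception):
    """The per-user socket directory cannot be trusted."""

def safe_socket_dir(base, uid):
    """Create or validate base/fshd-<uid> without following symlinks."""
    path = os.path.join(base, "fshd-%d" % uid)
    try:
        os.mkdir(path, 0o700)  # atomic; fails if any name, even a symlink, exists
    except FileExistsError:
        pass
    st = os.lstat(path)  # inspects the name itself, never a link target
    if not stat.S_ISDIR(st.st_mode):
        raise UnsafeSocketDir("%s is not a real directory" % path)
    if st.st_uid != uid:
        raise UnsafeSocketDir("%s is owned by uid %d" % (path, st.st_uid))
    if stat.S_IMODE(st.st_mode) & 0o077:
        # Refuse rather than chmod: the directory was open to others before now.
        raise UnsafeSocketDir("%s is accessible to other users" % path)
    return path

def check(base, uid):
    """Return 'ok' or 'rejected' for one constructed scenario."""
    try:
        safe_socket_dir(base, uid)
        return "ok"
    except UnsafeSocketDir:
        return "rejected"

def demo():
    """Three constructed scenarios, each in its own scratch directory."""
    uid, out = os.getuid(), {}
    out["fresh"] = check(tempfile.mkdtemp(), uid)
    base = tempfile.mkdtemp()  # planted symlink to a victim file
    victim = os.path.join(base, "victim")
    open(victim, "w").close()
    os.chmod(victim, 0o644)
    os.symlink(victim, os.path.join(base, "fshd-%d" % uid))
    out["symlink"] = check(base, uid)
    out["victim_mode"] = stat.S_IMODE(os.stat(victim).st_mode)
    base = tempfile.mkdtemp()  # pre-created world-writable directory
    os.mkdir(os.path.join(base, "fshd-%d" % uid))
    os.chmod(os.path.join(base, "fshd-%d" % uid), 0o777)
    out["loose_dir"] = check(base, uid)
    return out
```

The directory is never repaired with chmod by path: a pre-existing name that fails any check is rejected, so a planted symlink's target keeps its original mode.
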
Other changes:
New timeout option, fixed to work with openssh2, now also usable if
you have to enter a password to connect, and some others.
states that the motivation for this program was to speed up cvs work,
but it works just as well with "rsync" and other programs that use ssh
for the transport. This is a set of Python scripts: "fsh" uses ssh
(or optionally rsh or lsh) to start and set up a connection to "fshd"
on the remote host. It also includes "fcp", and docs in "info" format.