On Thu, 2007-09-20 at 08:30 -0400, Greg Wooledge wrote:
> On Wed, Sep 19, 2007 at 09:39:56AM +0200, Rainer Peter Feller wrote:
> > On Tue, 2007-09-18 at 12:19 +0100, Martin Simovic wrote:
> > > is there a way to restrict commands passed to ssh (client) to override
> > > command line options

> > So I made a patch by myself, which I also update with every new release
> > For the Patch to openssh-4.7p1 see attachment
> > The name of the not overidable configfile is ssh_config_p

>
> What prevents people from bypassing this by using an unpatched client?

a careful setup
the user can write only on filesystems where files are not executable
AND all binaries have to be static, so you need
no /lib/ld-linux-2.so :-)