On 10/10/07 16:00, Larry Becke wrote:
> Why should *everyone else in the world* have to go through all the hassle of trying to make a "secure" product secure, when a very simple fix, would effectively lock scp so that it couldn't go anywhere above the directory specified in the startup with the -T (like -t) parameter.

1. Why do you think this change provides effective security?

2. Have you ever tried to implement something like this, dealing with
symbolic links, bind mounts, etc.?

If you want to confine users effectively, chroot them.

Jefferson Ogata
NOAA Computer Incident Response Team (N-CIRT)
"Never try to retrieve anything from a bear."--National Park Service
openssh-unix-dev mailing list