Just as a note:

This isn't to say that chroot jails aren't useful. Only that they aren't
a fix all. Further exploration of other methodologies seems like it
would be an overall benefit to the community.

Jefferson Ogata wrote:
> On 10/10/07 16:00, Larry Becke wrote:
>> Why should *everyone else in the world* have to go through all the hassle of trying to make a "secure" product secure, when a very simple fix, would effectively lock scp so that it couldn't go anywhere above the directory specified in the startup with the -T (like -t) parameter.

> 1. Why do you think this change provides effective security?
> 2. Have you ever tried to implement something like this, dealing with
> symbolic links, bind mounts, etc.?
> If you want to confine users effectively, chroot them.

openssh-unix-dev mailing list