Just as a note:
http://kerneltrap.org/Linux/Abusing_chroot

This isn't to say that chroot jails aren't useful. Only that they aren't
a fix all. Further exploration of other methodologies seems like it
would be an overall benefit to the community.

Jefferson Ogata wrote:
> On 10/10/07 16:00, Larry Becke wrote:
>> Why should *everyone else in the world* have to go through all the hassle of trying to make a "secure" product secure, when a very simple fix, would effectively lock scp so that it couldn't go anywhere above the directory specified in the startup with the -T (like -t) parameter.

>
> 1. Why do you think this change provides effective security?
>
> 2. Have you ever tried to implement something like this, dealing with
> symbolic links, bind mounts, etc.?
>
> If you want to confine users effectively, chroot them.
>

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/li...enssh-unix-dev