>1. Why do you think this change provides effective security?

=

Specifying the starting directory, and not allowing the user to navigate=
above it effectively locks the user within that directory. =

>2. Have you ever tried to implement something like this, dealing with>symb=

olic links, bind mounts, etc.?
Since you cannot transfer symlinks directly via the scp command, there w=
ouldn't be any in the directories we would be using on the remote system. =

>If you want to confine users effectively, chroot them.

chroot'ing should not be used as a security method, that's been clearly sta=
ted time and again.
__________________________________________________ _______________
Help yourself to FREE treats served up daily at the Messenger Caf=E9. Stop =
by today.
http://www.cafemessenger.com/info/in...DTXT_TAGLM_Oc=
tWLtagline
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/li...enssh-unix-dev