[Bug 3131] [PATCH] Adding a chroot-directory option per key in authorized_keys file

bugzilla-daemon at bugzilla.mindrot.org
Sat Mar 7 18:38:54 AEDT 2020


https://bugzilla.mindrot.org/show_bug.cgi?id=3131

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
AFAIK it's a bad idea to give the chroot ability to non-privileged
users - there are a number of plausible paths to uid=0 if you can
effectively write to / and /etc. This is why the chroot(1) syscall
requires root privileges to begin with.

I appreciate your precaution of requiring force-command and
sftp-server, but I'm not sure whether your need would be better served
by putting a fake-chroot ability into sftp-server directly.


