[Bug 3131] [PATCH] Adding a chroot-directory option per key in authorized_keys file
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Sat Mar 7 18:38:54 AEDT 2020
https://bugzilla.mindrot.org/show_bug.cgi?id=3131
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
AFAIK it's a bad idea to give the chroot ability to non-privileged
users - there are a number of plausible paths to uid=0 if you can
effectively write to / and /etc. This is why the chroot(1) syscall
requires root privileges to begin with.
I appreciate your precaution of requiring force-command and
sftp-server, but I'm not sure whether your need would be better served
by putting a fake-chroot ability into sftp-server directly.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
More information about the openssh-bugs
mailing list