[openssh-commits] [openssh] 03/04: upstream: mention usefulness of request type allow/denylisting for

[git+noreply at mindrot.org]

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit e5c9cf9ac7543a5e59dabf11f993a9c032b9b71f
Author: djm at openbsd.org <djm at openbsd.org>
AuthorDate: Thu May 21 02:50:59 2026 +0000

    upstream: mention usefulness of request type allow/denylisting for
    
    servers accepting untrusted clients
    
    OpenBSD-Commit-ID: 8b991bd263b46374a8e73f02d05cdccca73ae520
---
 sftp-server.8 | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/sftp-server.8 b/sftp-server.8
index 5311bf929..d9060ab9a 100644
--- a/sftp-server.8
+++ b/sftp-server.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp-server.8,v 1.31 2021/07/27 14:14:25 jmc Exp $
+.\" $OpenBSD: sftp-server.8,v 1.32 2026/05/21 02:50:59 djm Exp $
 .\"
 .\" Copyright (c) 2000 Markus Friedl.  All rights reserved.
 .\"
@@ -22,7 +22,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 27 2021 $
+.Dd $Mdocdate: May 21 2026 $
 .Dt SFTP-SERVER 8
 .Os
 .Sh NAME
@@ -109,6 +109,17 @@ The
 flag can be used to determine the supported request types.
 If both denied and allowed lists are specified, then the denied list is
 applied before the allowed list.
+This flag, along with the
+.Fl p
+flag, may be used to disable operations that are irrelevant or undesirable
+for the server.
+For example, a
+.Nm
+that accepts connections from untrusted clients may wish to disable the
+.Dq copy-data
+or
+.Dq users-groups-by-id
+operations.
 .It Fl p Ar allowed_requests
 Specifies a comma-separated list of SFTP protocol requests that are permitted
 by the server.

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.