Restricted SFTP

[Markus Friedl]

> It appears (by looking at the code) that a smattering of realpath and
> strcmp calls could provide the required functionailty.  Does this looks
> like the way to do it / do you see any problems with this approach?

i'm not sure what exactly you are referring to:

you have to check ALL protocol messages that are using filenames,
i.e ALL messages that use 'names' instead of 'handles'

changing process_realpath() is not enough.

-m