Restricted SFTP

Markus Friedl Markus.Friedl at
Fri Mar 23 22:00:31 EST 2001

> It appears (by looking at the code) that a smattering of realpath and
> strcmp calls could provide the required functionailty.  Does this looks
> like the way to do it / do you see any problems with this approach?

i'm not sure what exactly you are referring to:

you have to check ALL protocol messages that are using filenames,
i.e ALL messages that use 'names' instead of 'handles'

changing process_realpath() is not enough.


More information about the openssh-unix-dev mailing list