OpenSSH 3.2.2 released : chroot
Mike Johnson
mike at enoch.org
Sat May 18 02:27:38 EST 2002
Ben Lindstrom [mouring at etoh.eviladmin.org] wrote:
>
> Out of interest why do you feel it's required to do chroot() at the
> OpenSSH level? Why don't you invest time into a shell that does the
> chroot() for you? That would work for telnet, ssh, etc. No need to
> clutter up OpenSSH with options that can easily be implemented at a higher
> level.
Because, like you said, that required the shell to do it. I'd rather
trust OpenSSH to 'do the right thing' than a shell. Plus, it's harder
to break out of the OpenSSH chroot, than the shell based one.
While it can be implemented at a higher level, I think it's -better-
implemented at an OpenSSH level.
So, my question is: would a decent patch be accepted?
Mike
--
"Let the power of Ponch compel you! Let the power of Ponch compel you!"
-- Zorak on Space Ghost
GNUPG Key fingerprint = ACD2 2F2F C151 FB35 B3AF C821 89C4 DF9A 5DDD 95D1
GNUPG Key = http://www.enoch.org/mike/mike.pubkey.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 230 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20020517/8d1d0846/attachment.bin
More information about the openssh-unix-dev
mailing list