OpenSSH 3.2.2 released : chroot

Mike Johnson mike at enoch.org
Sat May 18 02:27:38 EST 2002


Ben Lindstrom [mouring at etoh.eviladmin.org] wrote:
> 
> Out of interest why do you feel it's required to do chroot() at the
> OpenSSH level?  Why don't you invest time into a shell that does the
> chroot() for you?  That would work for telnet, ssh, etc. No need to
> clutter up OpenSSH with options that can easily be implemented at a higher
> level.

Because, like you said, that requires the shell to do it.  I'd rather
trust OpenSSH to 'do the right thing' than a shell.  Plus, it's harder
to break out of the OpenSSH chroot than the shell-based one.

While it can be implemented at a higher level, I think it's -better-
implemented at an OpenSSH level.

So, my question is: would a decent patch be accepted?

Mike
-- 
"Let the power of Ponch compel you!  Let the power of Ponch compel you!"
   -- Zorak on Space Ghost

GNUPG Key fingerprint = ACD2 2F2F C151 FB35 B3AF  C821 89C4 DF9A 5DDD 95D1
GNUPG Key = http://www.enoch.org/mike/mike.pubkey.asc