OpenSSH 3.2.2 released : chroot
Mike Johnson
mike at enoch.org
Sat May 18 03:18:09 EST 2002
Ben Lindstrom [mouring at etoh.eviladmin.org] wrote:
> It is? HOW can you break out of a 10 line application written solely
> to handle a chroot environment? Which also allows you to clean up
> the environment from nasty ~/.ssh/environment variables you may not
> want. I'm not saying 'rksh'. I'm saying write a program that DOES the
> chrooting for you.
Okay, I immediately assumed you meant rksh or rbash, hence the knee-jerk
reaction.
> Every line of code, every feature added, every platform added adds a
> greater chance of error. Add enough lines, features, platforms you
> get to a point where you have more code than you can comfortably audit
> without missing edge cases.
Fair enough.
> We have declined such patches in the past. And I suspect we will decline
> such patches in the future.
That's all I needed to hear, really.
> There is a chroot patch floating around already. And I know people that
> apply it and use it happily.
Yup. I've been maintaining my own. But, I have to admit that after
reading your mail a few times, it makes sense. At the very least, I
wouldn't have to keep updating the damned patch for every OpenSSH
release.
Off to write and test a wrapper...
Mike
--
"Let the power of Ponch compel you! Let the power of Ponch compel you!"
-- Zorak on Space Ghost
GNUPG Key fingerprint = ACD2 2F2F C151 FB35 B3AF C821 89C4 DF9A 5DDD 95D1
GNUPG Key = http://www.enoch.org/mike/mike.pubkey.asc
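
A sketch of the kind of small chroot wrapper discussed in this message, as an added example that is not code from the thread or from OpenSSH. It assumes the binary is installed setuid-root as the account's login shell; the jail path, shell path and environment allowlist are hypothetical.

```c
#define _DEFAULT_SOURCE 1
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

#define JAIL  "/var/jail"   /* assumed jail root, owned by root */
#define SHELL "/bin/sh"     /* assumed shell path inside the jail */
extern char **environ;
/* Constructed allowlist: anything else (LD_PRELOAD, PATH, ...) is dropped. */
static const char *const KEEP[] = { "TERM=", "LANG=", "USER=", "LOGNAME=", NULL };

/* Copy only allowlisted variables from env into out; returns the count kept. */
size_t scrub_env(char *const env[], char *out[], size_t max)
{
    size_t n = 0;
    for (size_t i = 0; env && env[i]; i++)
        for (size_t k = 0; KEEP[k]; k++)
            if (strncmp(env[i], KEEP[k], strlen(KEEP[k])) == 0 && n + 1 < max) {
                out[n++] = env[i];
                break;
            }
    out[n] = NULL;
    return n;
}

int main(int argc, char *argv[])
{
    static char path[] = "PATH=/bin:/usr/bin", home[] = "HOME=/";
    char *clean[16];
    uid_t uid = getuid(); gid_t gid = getgid();   /* real ids = the logged-in user */
    size_t n = scrub_env(environ, clean, 14);
    clean[n++] = path; clean[n++] = home; clean[n] = NULL;

    if (uid == 0) { fputs("refusing to jail root\n", stderr); return 1; }
    /* chroot needs root; chdir("/") so the working directory is inside the jail. */
    if (chroot(JAIL) != 0 || chdir("/") != 0) { perror("chroot"); return 1; }
    /* sshd already set the user's groups; drop the setuid-root ids, gid first. */
    if (setgid(gid) != 0 || setuid(uid) != 0) { perror("drop"); return 1; }
    if (setuid(0) == 0) { fputs("privileges not dropped\n", stderr); return 1; }
    /* sshd runs remote commands as "<shell> -c <command>"; pass that through. */
    if (argc == 3 && strcmp(argv[1], "-c") == 0)
        execle(SHELL, "sh", "-c", argv[2], (char *)NULL, clean);
    else
        execle(SHELL, "-sh", (char *)NULL, clean);
    perror("exec");
    return 1;
}
```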