OpenSSH 3.2.2 released : chroot

Mike Johnson mike at
Sat May 18 03:18:09 EST 2002

Ben Lindstrom [mouring at] wrote:

> It is?  HOW can you break out of a 10 line application written sole
> to handle a chroot environment?  Which also allows you to clean up
> the environment from nasty ~/.ssh/environment variables you many not
> want.  I'm not saying 'rksh'.  I'm saying write a program that DOES the
> chrooting for you.

Okay, I immediately assumed you meant rksh or rbash, hence the knee-jerk
> Every line of code, every feature added, every platform added adds a
> greater chance of error.  Add enough lines, features, platforms you
> get to a point where you have more code than you can confortable audit
> without missing edge cases.

Fair enough.
> We have declined such patches in the past.  And I suspect we will decline
> such patches in the future.

That's all I needed to hear, really.
> There is a chroot patch floating around already.  And I know people that
> apply it and use it happily.

Yup.  I've been maintaining my own.  But, I have to admit that after
reading your mail a few times, it makes sense.  At the very least, I
wouldn't have to keep updating the damned patch for every OpenSSH

Off to write and test a wrapper...

"Let the power of Ponch compel you!  Let the power of Ponch compel you!"
   -- Zorak on Space Ghost

GNUPG Key fingerprint = ACD2 2F2F C151 FB35 B3AF  C821 89C4 DF9A 5DDD 95D1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 230 bytes
Desc: not available
Url : 

More information about the openssh-unix-dev mailing list