OpenSSH 3.2.2 released : chroot
Dan Astoorian
djast at cs.toronto.edu
Tue May 21 23:17:50 EST 2002
On Tue, 21 May 2002 06:31:09 EDT, Markus Friedl writes:
>
> chroot at sshd level requires a sftp-server binary in every chroot target
> and that's not desirable.

The same is true for a shell wrapper. Chroot() at any level above the
sftp-server binary itself would require an sftp-server binary in the
chroot() targets.

The alternatives would seem to be

a) An sftp-server binary in every chroot target
b) Making sftp-server setuid-root and teaching it how to chroot().

a) is inconvenient for the sysadmin, but b) seems somewhat riskier from
a security standpoint.

--
Dan Astoorian
Sysadmin, CSLab
djast at cs.toronto.edu
www.cs.toronto.edu/~djast/

People shouldn't think that it's better to have loved and lost than
never loved at all. It's not, it's better to have loved and won. All
the other options really suck. --Dan Redican
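
Added example, not part of the original post and not OpenSSH code: a check for alternative (a) that resolves the sftp-server path the way it would resolve after chroot() into each target, so a symlink that only works from the host is reported as missing. The binary path and the function names are assumptions made for illustration.

```python
import os
import stat

# Assumed install path of the subsystem binary; adjust to the local sshd_config.
SFTP_SERVER = "/usr/libexec/sftp-server"

def resolve_in_root(root, path, max_links=40):
    """Resolve `path` as it would resolve after chroot(root): absolute symlinks
    restart at `root`, '..' cannot climb above it. None if a component is missing."""
    root = os.path.realpath(root)
    todo = [p for p in path.split("/") if p and p != "."]
    cur, links = [], 0          # cur: resolved components below root
    while todo:
        part = todo.pop(0)
        if part == "..":
            if cur:
                cur.pop()
            continue
        host = os.path.join(root, *cur, part)
        try:
            st = os.lstat(host)
        except OSError:
            return None
        if stat.S_ISLNK(st.st_mode):
            links += 1
            if links > max_links:
                return None     # symlink loop
            target = os.readlink(host)
            if target.startswith("/"):
                cur = []        # absolute link: back to the chroot root
            todo = [p for p in target.split("/") if p and p != "."] + todo
        else:
            cur.append(part)
    return os.path.join(root, *cur)

def audit_targets(targets, binary=SFTP_SERVER):
    """Map each chroot target to 'ok' or the reason the exec fails or is unsafe."""
    report = {}
    for root in targets:
        host = resolve_in_root(root, binary)
        mode = os.stat(host).st_mode if host else 0
        if host is None:
            report[root] = "missing"
        elif not stat.S_ISREG(mode) or not mode & 0o111:
            report[root] = "not executable"
        elif mode & 0o022:
            report[root] = "group/world writable"
        else:
            report[root] = "ok"
    return report
```
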