OpenSSH 3.2.2 released : chroot

Dan Astoorian djast at
Tue May 21 23:17:50 EST 2002

On Tue, 21 May 2002 06:31:09 EDT, Markus Friedl writes:
> chroot at sshd level requires a sftp-server binary in every chroot target
> and that's not desirable.

The same is true for a shell wrapper.  Chroot() at any level above the
sftp-server binary itself would require an sftp-server binary in the
chroot() targets.

The alternatives would seem to be
a) An sftp-server binary in every chroot target
b) Making sftp-server setuid-root and teaching it how to chroot().

a) is inconvenient for the sysadmin, but b) seems somewhat riskier from
a security standpoint.

Dan Astoorian               People shouldn't think that it's better to have
Sysadmin, CSLab             loved and lost than never loved at all.  It's
djast at        not, it's better to have loved and won.  All  the other options really suck.    --Dan Redican

More information about the openssh-unix-dev mailing list