chroot'd SFTP

Peter Stuge stuge-openssh-unix-dev at cdy.org
Tue Jul 31 07:22:34 EST 2007


On Mon, Jul 30, 2007 at 05:18:49PM +0300, Richard Storm wrote:
> > >> http://marc.info/?l=openssh-unix-dev&m=116043792120525&w=2
> > >
> > > The big problem with that patch is that it effectively allows non-root
> > > users to chroot to a directory of their choice.
> How!?

sftp-server has to be setuid root and invokable by all users that
should have SFTP access.

Granted, it could be argued that this is unimportant if there are
no users who can execute arbitrary commands in the system.


//Peter


More information about the openssh-unix-dev mailing list