chroot'd SFTP

Richard Storm storm.richard at gmail.com
Tue Jul 31 22:00:30 EST 2007


On 7/31/07, Damien Miller <djm at mindrot.org> wrote:
> On Mon, 30 Jul 2007, Richard Storm wrote:
>
> > > >> http://marc.info/?l=openssh-unix-dev&m=116043792120525&w=2
> > > >
> > > > The big problem with that patch is that it effectively allows non-root
> > > > users to chroot to a directory of their choice.
> > How!? Doesn't sftp-server respect received "-C %d" args which are
> > hardcoded in ForceCommand, to chroot user in HIS home directory?
>
> by running sftp-server with a -C option of their choice
>
Thanks, I got it now. Local/remote users with shell access can chroot into
any dir they want. However, is this a security problem, since after that
privs are dropped and Unix permissions are in effect...

