scp -t . - possible idea for additional parameter
Peter Stuge
stuge-openssh-unix-dev at cdy.org
Thu Oct 4 12:20:06 EST 2007
On Wed, Oct 03, 2007 at 02:46:06AM -0500, Larry Becke wrote:
> One of the minor issues we face as we tackle security issues is the
> idea that scp allows someone to navigate directory structures that
> aren't restricted to the user that is logging in.

That is not how scp works; that is how the server operating system
works.

scp does not allow or enable anything that has been disabled before
or outside scp.

OpenSSH uses the user's shell for any and all executions on behalf of
a user, including scp and sftp-server. If you want to restrict users,
the shell is a nice place to implement policy.

//Peter
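
An added example, not part of the message above and not OpenSSH code: a sketch of a policy login shell that sshd would invoke as `<shell> -c "<command>"`. It permits only server-side scp (`-t` to receive, `-f` to send) on paths inside one directory tree. The scp location `/usr/bin/scp`, the `~/incoming` tree and the function name `decide` are assumptions made for illustration.

```python
"""Policy login shell sketch: sshd runs `<shell> -c '<command>'` for scp."""
import os
import shlex
import sys

SCP_BIN = "/usr/bin/scp"                         # assumption: server-side scp path
ALLOWED = {"-r", "-p", "-d", "-v", "-t", "-f"}   # options an scp client sends
MODES = {"-t", "-f"}                             # -t: receive, -f: send


def decide(command, jail):
    """Return the argv to exec for an allowed scp request, else None."""
    try:
        argv = shlex.split(command)
    except ValueError:                           # unbalanced quotes
        return None
    if not argv or argv[0] != "scp":
        return None                              # anything but scp is refused
    flags, rest = [], argv[1:]
    while rest and rest[0].startswith("-"):
        arg = rest.pop(0)
        if arg == "--":                          # end of options
            break
        if arg not in ALLOWED:
            return None                          # unknown option
        flags.append(arg)
    if len(rest) != 1 or sum(f in MODES for f in flags) != 1:
        return None                              # one mode flag, one path
    root = os.path.realpath(jail)
    # Resolve ".." and symlinks before comparing; relative paths start at jail.
    target = os.path.realpath(os.path.join(root, rest[0]))
    if os.path.commonpath([root, target]) != root:
        return None                              # escapes the permitted tree
    return [SCP_BIN, *flags, "--", target]


def main():
    # sshd passes the request as: argv[1] == "-c", argv[2] == command string
    if len(sys.argv) != 3 or sys.argv[1] != "-c":
        sys.exit("interactive logins are disabled")
    jail = os.path.expanduser("~/incoming")      # hypothetical permitted tree
    argv = decide(sys.argv[2], jail)
    if argv is None:
        sys.exit("command refused by policy")
    os.execv(argv[0], argv)                      # exec directly, no shell


if __name__ == "__main__":
    main()
```

Because the request is executed without a real shell, wildcards in the remote path are not expanded. The path check is made once before scp starts, so it does not cover symlinks created inside the tree afterwards.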