Re: scp -t . - possible idea for additional parameter‏

Jefferson Ogata Jefferson.Ogata at
Thu Oct 11 02:07:58 EST 2007

On 10/10/07 16:00, Larry Becke wrote:
> Why should *everyone else in the world* have to go through all the hassle of trying to make a "secure" product secure, when a very simple fix, would effectively lock scp so that it couldn't go anywhere above the directory specified in the startup with the -T (like -t) parameter.

1. Why do you think this change provides effective security?

2. Have you ever tried to implement something like this, dealing with
symbolic links, bind mounts, etc.?

If you want to confine users effectively, chroot them.

Jefferson Ogata <Jefferson.Ogata at>
NOAA Computer Incident Response Team (N-CIRT) <ncirt at>
"Never try to retrieve anything from a bear."--National Park Service

More information about the openssh-unix-dev mailing list