Re: scp -t . - possible idea for additional parameter?

Chris Rapier rapier at
Thu Oct 11 02:32:17 EST 2007

Just as a note:

This isn't to say that chroot jails aren't useful. Only that they aren't 
a fix all. Further exploration of other methodologies seems like it 
would be an overall benefit to the community.

Jefferson Ogata wrote:
> On 10/10/07 16:00, Larry Becke wrote:
>> Why should *everyone else in the world* have to go through all the hassle of trying to make a "secure" product secure, when a very simple fix, would effectively lock scp so that it couldn't go anywhere above the directory specified in the startup with the -T (like -t) parameter.
> 1. Why do you think this change provides effective security?
> 2. Have you ever tried to implement something like this, dealing with
> symbolic links, bind mounts, etc.?
> If you want to confine users effectively, chroot them.

More information about the openssh-unix-dev mailing list