scp -t . - possible idea for additional parameter

Larry Becke guyverdh at
Thu Oct 11 02:30:14 EST 2007

>1. Why do you think this change provides effective security?
   Specifying the starting directory, and not allowing the user to navigate above it effectively locks the user within that directory. 
>2. Have you ever tried to implement something like this, dealing with>symbolic links, bind mounts, etc.?
   Since you cannot transfer symlinks directly via the scp command, there wouldn't be any in the directories we would be using on the remote system.   
>If you want to confine users effectively, chroot them.
chroot'ing should not be used as a security method, that's been clearly stated time and again.
Help yourself to FREE treats served up daily at the Messenger Café. Stop by today.

More information about the openssh-unix-dev mailing list