scp -t . - possible idea for additional parameter

Larry Becke guyverdh at hotmail.com
Thu Oct 11 02:30:14 EST 2007


>1. Why do you think this change provides effective security?

Specifying the starting directory, and not allowing the user to navigate above it effectively locks the user within that directory.

>2. Have you ever tried to implement something like this, dealing with
>symbolic links, bind mounts, etc.?

Since you cannot transfer symlinks directly via the scp command, there wouldn't be any in the directories we would be using on the remote system.

>If you want to confine users effectively, chroot them.
chroot'ing should not be used as a security method, that's been clearly stated time and again.
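
The symlink question in point 2, as an added example (not part of the original message and not OpenSSH code): a lexical "no `..`" rule on the requested path compared with a check on the resolved path. The function names and the temporary directory layout are constructed for illustration.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Lexical rule: relative path with no ".." component (never touches the disk). */
int lexical_ok(const char *rel)
{
    if (rel[0] == '/') return 0;
    for (const char *p = rel; *p; p += strspn(p, "/")) {
        size_t n = strcspn(p, "/");
        if (n == 2 && p[0] == '.' && p[1] == '.') return 0;
        p += n;
    }
    return 1;
}

/* Resolved rule: canonicalise base/rel, following symlinks, and require the
 * result to lie under the canonical base. The target must already exist. */
int resolved_ok(const char *base, const char *rel)
{
    char joined[PATH_MAX], rbase[PATH_MAX], rpath[PATH_MAX];
    size_t n;
    if (!lexical_ok(rel) || realpath(base, rbase) == NULL) return 0;
    if (snprintf(joined, sizeof joined, "%s/%s", rbase, rel) >= (int)sizeof joined) return 0;
    if (realpath(joined, rpath) == NULL) return 0;
    n = strlen(rbase);
    return strncmp(rpath, rbase, n) == 0 && (rpath[n] == '/' || rpath[n] == '\0');
}

static int touch(const char *path) { FILE *f = fopen(path, "w"); return f ? fclose(f) : -1; }

/* Constructed layout in a fresh temp dir (left in place): jail/ok.txt,
 * outside/secret, jail/link -> ../outside. Returns bit0 = lexical_ok("link/secret"),
 * bit1 = resolved_ok("jail", "link/secret"), bit2 = resolved_ok("jail", "ok.txt"). */
int demo(void)
{
    char tmp[] = "/tmp/confineXXXXXX";
    if (mkdtemp(tmp) == NULL || chdir(tmp)) return -1;
    if (mkdir("jail", 0700) || mkdir("outside", 0700) || touch("outside/secret") ||
        touch("jail/ok.txt") || symlink("../outside", "jail/link")) return -1;
    return lexical_ok("link/secret") | (resolved_ok("jail", "link/secret") << 1)
         | (resolved_ok("jail", "ok.txt") << 2);
}

int main(void) { printf("result bits: %d\n", demo()); return 0; }
```

A check on the resolved path followed by an open on the same path is still subject to a race if the directory tree can change in between.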

