Relaxing strict chroot checks on recent Linux kernels?
Damien Miller
djm at mindrot.org
Tue Feb 5 09:45:48 EST 2013
On Mon, 4 Feb 2013, Andy Lutomirski wrote:
> > You might only want sftp, but like I said: ChrootDirectory is more general
> > and has to support other uses.
>
> Do the permission checks have to the be same in the ForceCommand
> internal-sftp case, as compared to the general ChrootDirectory case?
That depends how much corner case code we want to carry. To my mind, not
a lot, and especially so when it works only for one platform and it has
to be surrounded by caveats.
-d
More information about the openssh-unix-dev
mailing list