Soft chroot jail for sftp-server

Dimitri Nüscheler dimitri.nuescheler at gmail.com
Sun Jan 12 10:21:09 EST 2014


Hi again

I refactored the patch. It's now more decoupled from the SFTP
processing code. All the syscalls used by the processing code now have
a proxy instead of having the processing code very jail-aware.

With that comes a functional difference: The content of a symlink is
not prepended with the jail path. Instead there is also a modified
realpath() also used by the other proxy-syscalls.

I will try to write tests for it. I don't know how to get full
coverage by just using sftp. Help appreciated and any hints on using
the existing regression test framework.

Regards
Dimitri
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sftp-server-soft-jail.patch
Type: text/x-patch
Size: 13831 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20140112/d4464c66/attachment-0001.bin>


More information about the openssh-unix-dev mailing list