Chroot patch (v3.4p1)
Markus Friedl
markus at openbsd.org
Fri Jul 5 00:08:25 EST 2002
On Wed, Jul 03, 2002 at 05:47:44PM -0700, John Furman wrote:
> + { "chrootusers", sChrootUsers },
please pipe the patch through unexpand.
> + if(chroot(pw->pw_dir) != 0) {
please don't chroot into $HOME but a configurable (sub)directory,
similar to the AuthorizedKeysFile option, e.g
ChrootDir %h/public_html
otherwise people start messing around with $HOME/.ssh/
or $HOME/.forward, etc.
-m
More information about the openssh-unix-dev
mailing list