Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. OpenSSH>
  3. Bugs
[Bug 3131] [PATCH] Adding a chroot-directory option per key in authorized_keys file
bugzilla-daemon at bugzilla
Mar 6, 2020, 4:17 AM
Post #1 of 2 (71 views)
Permalink
https://bugzilla.mindrot.org/show_bug.cgi?id=3131

David Shlemayev <davidshlemayev@gmail.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |davidshlemayev@gmail.com

--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3131] [PATCH] Adding a chroot-directory option per key in authorized_keys file [ In reply to ]
bugzilla-daemon at bugzilla
Mar 6, 2020, 11:38 PM
Post #2 of 2 (70 views)
Permalink
https://bugzilla.mindrot.org/show_bug.cgi?id=3131

Damien Miller <djm@mindrot.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |djm@mindrot.org

--- Comment #1 from Damien Miller <djm@mindrot.org> ---
AFAIK it's a bad idea to give the chroot ability to non-privileged
users - there are a number of plausible paths to uid=0 if you can
effectively write to / and /etc. This is why the chroot(1) syscall
requires root privileges to begin with.

I appreciate your precaution of requiring force-command and
sftp-server, but I'm not sure whether your need would be better served
by putting a fake-chroot ability into sftp-server directly.

--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal