openssh bugs - May 2007 - [Bug 177] provide chroot option for sftp-server

http://bugzilla.mindrot.org/show_bug.cgi?id=177


devel at homelinkcs.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |devel at homelinkcs.com




------- Comment #12 from devel at homelinkcs.com  2007-05-09 09:06 -------
(In reply to comment #11)

So far, this is the best solution I have seen to the SFTP chroot
problem.  I would love to see it officially implemented, but may begin
using it on a production system long before that.

However, I would like to know what the potential risks are and would
also like to help eliminate them if I can.  So far, the only serious
issue I've found is that tilde expansion done by the shell uses the
$HOME environment variable, which can of course be set in
.ssh/environment .

If I can be of any help in addressing this or other issues, please let
me know.




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=177





--- Comment #13 from Joshua Pettett <devel at homelinkcs.com>  2007-05-11
08:02:44 ---
Created an attachment (id=1277)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=1277)
Pre-shell tilde expantion proof-of-concept hack

(In reply to comment #12)
> So far, the only serious issue I've found is that tilde expansion
> done by the shell uses the $HOME environment variable, which can of
> course be set in .ssh/environment .
In light of this, would it be appropriate for sshd to expand a tilde in
a subsystem argument before passing it to the shell?  A kludgy
proof-of-concept hack is attached.


-- 
Configure bugmail: http://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.