On 10/04/2016 11:30 PM, Russ Allbery wrote:
> Yeah, sadly you need a bunch of stuff in the chroot because you have to
> execute the server end of scp or whatever in the chroot. So it needs all
> of its libraries and so forth.
>
> The mkchroot.sh script in the distribution does an okay job for Linux
> systems but is probably missing a ton of stuff for FreeBSD. There's a
> bunch more details in the CHROOT file.
> [snip]
> Also, I feel obligated to warn that rssh may be inherently insecure on
> FreeBSD given this statement in the wordexp(3) manual page:
> [snip]
> This is exactly what rssh does and has to do, so if there are indeed such
> flaws, they would allow an authenticated attacker to bypass all of the
> command restrictions (although, at least in theory, not the chroot).
>
That is immensely helpful. I naively installed rssh from the FreeBSD package system assuming, well... I'm looking through the rssh source directory now; I'm not sure how I will proceed.

Thanks for the help. The response was awesome! (I'm thoroughly impressed).

_______________________________________________
rssh-discuss mailing list
rssh-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rssh-discuss