From 09367de809ae12b0cbe996c4fe78e703761f8e28 Mon Sep 17 00:00:00 2001 From: dtucker Date: Fri, 8 Jan 2010 06:06:47 +0000 Subject: [PATCH] - djm@cvs.openbsd.org 2009/11/10 02:58:56 [sshd_config.5] clarify that StrictModes does not apply to ChrootDirectory. Permissions and ownership are always checked when chrooting. bz#1532 --- ChangeLog | 4 ++++ sshd_config.5 | 5 ++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 712a9caf..604b5d77 100644 --- a/ChangeLog +++ b/ChangeLog @@ -43,6 +43,10 @@ [ssh_config.5] explain the constraints on LocalCommand some more so people don't try to abuse it. + - djm@cvs.openbsd.org 2009/11/10 02:58:56 + [sshd_config.5] + clarify that StrictModes does not apply to ChrootDirectory. Permissions + and ownership are always checked when chrooting. bz#1532 20091226 - (tim) [contrib/cygwin/Makefile] Install ssh-copy-id and ssh-copy-id.1 diff --git a/sshd_config.5 b/sshd_config.5 index 98eefd9a..a6a3f0a4 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.111 2009/10/28 21:45:08 jmc Exp $ +.\" $OpenBSD: sshd_config.5,v 1.112 2009/11/10 02:58:56 djm Exp $ .Dd $Mdocdate$ .Dt SSHD_CONFIG 5 .Os @@ -832,6 +832,9 @@ This is normally desirable because novices sometimes accidentally leave their directory or files world-writable. The default is .Dq yes . +Note that this does not apply to +.Cm ChrootDirectory , +whose permissions and ownership are checked unconditionally. .It Cm Subsystem Configures an external subsystem (e.g. file transfer daemon). Arguments should be a subsystem name and a command (with optional arguments) -- 2.45.2