On Mon, Jun 24, 2002 at 08:08:12PM -0400, ari wrote: > Given the similarities with certain other security issues, i'm surprised > this hasn't been discussed earlier. If it has, people simply haven't > paid it enough attention. if you setup restricted accounts with restricted shells and allow unrestricted writing to .ssh/** then you are lost. same applies to ftp-only accounts where users have full control over what's in their $HOME. so for restricted accounts you have to be very careful, don't allow writing to $HOME, just to some selected sub directories. -m
