[scponly] chroot fails without warning - everything still works

Fred Fiat fred.fiat at inbox.com
Fri Jun 16 10:34:59 EDT 2006


Hello,

scponly seemed to be working great, until I tested the chroot functionality.
With chroot, I am able to view the root / dir, and files in the root /tmp/ dir (i.e. dirs outside of the chroot).

Hope someone can help.

The install went fine. I built using
 ./configure --enable-chrooted-binary --disable-wildcards --disable-winscp-compat

I'm now trying the "make jail" script. Here is what I answered:

 # make jail
[snip]
Username to install [scponly]test1
home directory you wish to set for this user [/home/test1]
name of the writeable subdirectory [incoming]
creating  /home/test1/incoming directory for uploading files

Your platform (Linux) does not have a platform specific setup script.
This install script will attempt a best guess.
If you perform customizations, please consider sending me your changes.
Look to the templates in build_extras/arch.
 - joe at sublimation dot org

please set the password for test1:
New password:
Bad password: too short
Re-enter new password:
Password changed
[snip]



Then I tried the new account:

# sftp test1@localhost
Warning: Need basic cursor movement capability, using vt100
warning: Need basic cursor movement capability, using vt100
test1@localhost's password:
sftp> ls -l /tmp

It lets me see the contents of the root (i.e. out of chroot) /tmp/ directory!
Yikes!

What have I done wrong?


