scponly doesn't compile with scp compatibility per default. I suggest adding a "scp" use flag to control if scp compatibility should be build in or not. Reproducible: Always
Created attachment 143154 [details] scponly ebuild with added scp use flag
Or why not enableing "--enable-scp-compat" per default? The package is named "scponly", but without working scp code it's almost useless.
Additionally the package description is, somewhat ironically, "A tiny pseudoshell which only permits scp and sftp". Note that the previous ebuild for scponly-4.3 *did* have scp support enabled (probably by default) - so there should be a great big warning on merging this package that scp will no longer work: it took me an hour of debugging and look at strace output to work out why a chrooted scponly environment no longer worked after the package upgrade :(
Actually read the SECURITY document. Enabling scp-compat exposes you to a higher risk. But adding a useflag is perfectly reasonable for me. (Just had to remerge it because of scp missing). So +1 for the attached ebuild
I'm not so sure adding --enable-scp-compat by default does expose you to a higher risk. Reading the SECURITY document, it indicates that "by enabling scp and/or scp compatibility, more programs will need to be installed in the chroot which increases the risk". If the added risk comes solely from the extra programs in the chroot (as the above implies) then if the user doesn't change their chroot environment, their risk remains the same. Still, in the interests of caution (and because I could very well be wrong!), I'd like to see the USE flag added.
fixed in CVS.
