diff -Naur openssh-4.2p1/session.c openssh-4.2p1-chroot/session.c
--- openssh-4.2p1/session.c	2005-08-31 18:59:49.000000000 +0200
+++ openssh-4.2p1-chroot/session.c	2005-09-01 19:45:07.000000000 +0200
@@ -59,6 +59,8 @@
 #include "kex.h"
 #include "monitor_wrap.h"
 
+#define CHROOT
+
 #if defined(KRB5) && defined(USE_AFS)
 #include <kafs.h>
 #endif
@@ -1260,6 +1262,11 @@
 void
 do_setusercontext(struct passwd *pw)
 {
+#ifdef CHROOT
+	char *user_dir;
+	char *new_root;
+#endif /* CHROOT */
+
 #ifndef HAVE_CYGWIN
 	if (getuid() == 0 || geteuid() == 0)
 #endif /* HAVE_CYGWIN */
@@ -1317,6 +1324,27 @@
 			restore_uid();
 		}
 #endif
+
+#ifdef CHROOT
+		user_dir = xstrdup(pw->pw_dir);
+		new_root = user_dir + 1;
+
+		while((new_root = strchr(new_root, '.')) != NULL) {
+			new_root--;
+			if(strncmp(new_root, "/./", 3) == 0) {
+				*new_root = '\0';
+				new_root += 2;
+
+				if(chroot(user_dir) != 0)
+					fatal("Couldn't chroot to user's directory %s", user_dir);
+				pw->pw_dir = new_root;
+				break;
+			}
+
+			new_root += 2;
+		}
+#endif /* CHROOT */
+
 # ifdef USE_PAM
 		/*
 		 * PAM credentials may take the form of supplementary groups.