>>> "Subsystem sftp /usr/libexec/sftp-server" in sshd_config
>> In contrast to inetd, there's no general, open-ended, well defined
>> interface between sshd and sftp-server.
> The interface isn't particularly well-defined, but it hardly needs to
> be -- the subsystem gets run in a trio of pipes (or, presumably, a
> pty if the client asks for that) connected to the SSH "session"
> channel.  What it does over this channel is up to the definition of
> the subsystem.

...hmm?  You said "trio" of pipes; I can see one for data in, one for
data out...and what's the third?  (EXTENDED_DATA with DATA_STDERR?)
How does it do channel requests?  How does it hear about channel
requests made by the other side?  How does it open new channels?  How
does it ensure it hears about relevant channel open attempts by the
peer - and does it approve or reject them?

And above all, where is all this documented?

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B