rssh expands command line paramters before invoking chroot.
This could result in the disclosure to the client of file
names outside of the chroot directory. A posting by the rssh
author explains:
The cause of the problem identified by Mr. McCaw is that
rssh expanded command-line arguments prior to entering
the chroot jail. This bug DOES NOT allow a user to
access any of the files outside the jail, but can allow
them to discover what files are in a directory which is
outside the jail, if their credentials on the server would
normally allow them read/execute access in the specified
directory.