What’s missing from the sftp chroot setup

Tags: chroot, openssh, sftp

I've followed a half-dozen different tutorials on setting up chroot for sftp users, but my jailed users can still browse up into parent directories. I suspect my permissions aren't set up correctly, because this is the part that varies the most between the tutorials. Here's what I've done so far:

1) I'm using CentOS 5.6, where the default OpenSSH is version 4.3, so I manually installed the latest 5.x version. Running sshd -v now returns OpenSSH_5.9p1, OpenSSL 0.9.8e-fips-rhel5.

2) I edited /etc/ssh/sshd_config to change Subsystem sftp to internal-sftp, and added:

    Match user guest
    ChrootDirectory %h
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp

3) Restarted sshd.

4) Created a user "guest" with home directory /var/www/uploads/guest.

5) /var/www/uploads is owned by root:root with mode 755.

6) /var/www/uploads/guest is owned by guest:root with mode 755.

Using the Transmit sftp client on my Mac, I logged in with the guest user. It opens the user's home directory by default, but I can then navigate up the directory levels and browse other directories on the server.

Some tutorials say /var/www/uploads should have mode 700 or 750; if I do this, I can still log in as the guest user, but I see the server root directory by default and can browse all other directories.

Other tutorials say I should change the guest user's shell to /bin/false; if I do this, I can't log in as the guest user at all. Transmit says "The user name or password was not accepted by the server" and the command-line sftp client says "Connection closed" after I enter the password.

I think I've tried everything — can someone see what's missing?

Best Answer

Looks like the ChrootDirectory should point to one level ABOVE the home directory.

So since guest's home is /var/www/uploads/guest, then the ChrootDirectory should point to /var/www/uploads

That's a MAYBE... another thought occurred to me:

You manually installed the newer openssh, did you remove the old version? Where did the new version get installed? Sometimes, if you're not careful, new stuff will get installed into /usr/local/ instead of /usr, meaning the sftp-enabled server is reading its config files from /usr/local/etc/ssh/... instead of the expected /etc/ssh/...

Something to check at least.
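One more thing worth checking before changing ChrootDirectory or reinstalling: sshd_config(5) requires that the chroot directory and every component of its path be a root-owned directory that is not writable by group or others, and sshd refuses the chroot (logging "bad ownership or modes for chroot directory") when that fails. The script below, an added example that is not part of the question or the answer, walks a candidate ChrootDirectory path from the leaf up to / and checks each component against that rule; it assumes GNU stat, as shipped on CentOS.

```shell
#!/bin/sh
# Added example (not from the question or the answer above).
# Checks the sshd_config(5) rule for ChrootDirectory: every path component
# must be owned by root and must not be writable by group or others.
# Assumes GNU stat (-c %u / %a), as on CentOS.

# Decide whether one path component satisfies the ChrootDirectory rules.
# $1 = owner uid, $2 = mode as printed by 'stat -c %a' (e.g. 755 or 1777).
# Returns 0 if acceptable, 1 otherwise.
chroot_component_ok() {
    uid=$1
    mode=$2
    [ "$uid" -eq 0 ] || return 1          # must be owned by root
    perms=$(printf '%04d' "$mode")         # normalise to 4 digits, e.g. 0755
    perms=${perms#?}                       # keep the user/group/other digits
    g=${perms%?}; g=${g#?}                 # middle digit: group permissions
    o=${perms#??}                          # last digit: other permissions
    case $g in 2|3|6|7) return 1 ;; esac   # group has the write bit set
    case $o in 2|3|6|7) return 1 ;; esac   # others have the write bit set
    return 0
}

# Walk from the directory in $1 up to / and report the first component
# that sshd would reject. Returns 0 when the whole chain is acceptable,
# 1 when a component fails the rule, 2 when the path cannot be examined.
check_chroot_chain() {
    dir=$1
    case $dir in /*) ;; *) echo "absolute path required: $dir" >&2; return 2 ;; esac
    while :; do
        uid=$(stat -c %u "$dir") || return 2
        mode=$(stat -c %a "$dir") || return 2
        if ! chroot_component_ok "$uid" "$mode"; then
            echo "bad ownership or modes for chroot component: $dir (uid $uid, mode $mode)" >&2
            return 1
        fi
        [ "$dir" = / ] && return 0
        dir=$(dirname "$dir")              # move one level up towards /
    done
}

# Usage: sh check_chroot.sh /var/www/uploads/guest
if [ $# -gt 0 ]; then
    check_chroot_chain "$1" && echo "ok: $1 is usable as ChrootDirectory"
fi
```

Running it against the home directory from step 6, which is owned by guest, reports that component; running it against /var/www/uploads from step 5 passes as long as /var and /var/www are root-owned and not group- or world-writable.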
