From: | Bill Stewart <bstewart AT iname DOT com> |
Date: | Wed, 13 Mar 2019 09:58:25 -0600 |
Message-ID: | <CANV9t=RxeKVye=uJ9s=7ncp6jHbyMxAUsRGKa6zEc1VdkCfu+g@mail.gmail.com> |
Subject: | Re: sshd privsep user still required? |
To: | cygwin AT cygwin DOT com |
On Wed, Mar 13, 2019 at 9:29 AM Corinna Vinschen wrote:

> > However: It's still the case that the user cannot bypass OS security even
> > if he or she "escapes" from the jail, right?
> >
> > My goal is to restrict sftp browsing on the client side.
> >
> > Using ChrootDirectory with "ForceCommand internal-sftp" in sshd_config
> > seems to accomplish this.
> >
> > Is this not correct?
>
> It seems like it, but I wouldn't bet on it. The fact that /cygdrive and
> /dev directories are still visible inside the chroot jail speaks against
> that.

So to summarize: Even though the fake chroot doesn't increase security, it
doesn't reduce it, either. In other words, even if the user "escapes" the
jail, he or she can still only do what the underlying OS permits.

Bill
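
Added example, not part of the original post: a shell function that audits sshd_config text for every scope that sets ChrootDirectory and reports whether "ForceCommand internal-sftp" is set alongside it, the pairing discussed in the thread. The sample config, its group names and its paths are constructed assumptions, and the parser assumes whitespace-separated "Keyword value" lines.

```shell
#!/bin/sh
# Audit sshd_config text for ChrootDirectory scopes that lack
# "ForceCommand internal-sftp". Added example; not code from the thread.

# Constructed sample config (group names and paths are assumptions).
sample_config() {
cat <<'EOF'
# constructed sample
Subsystem sftp internal-sftp
Match Group sftponly
    ChrootDirectory /home/%u
    ForceCommand internal-sftp
Match Group uploads
    ChrootDirectory /srv/uploads
EOF
}

# Reads sshd_config text on stdin. For each scope (global section or Match
# block) that sets ChrootDirectory, prints:
#   <scope>|<chroot path>|<OK or NO-FORCECOMMAND>
audit_chroot() {
    awk '
    function emit() {
        if (chroot != "")
            print scope "|" chroot "|" (forced ? "OK" : "NO-FORCECOMMAND")
    }
    BEGIN { scope = "global"; chroot = ""; forced = 0 }
    /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
    {
        key = tolower($1)                 # keywords are case-insensitive
        if (key == "match") {
            emit()                        # close the previous scope
            scope = $0; sub(/^[ \t]+/, "", scope)
            chroot = ""; forced = 0
        } else if (key == "chrootdirectory") {
            # "none" disables chroot for this scope
            chroot = (tolower($2) == "none") ? "" : $2
        } else if (key == "forcecommand" && $2 == "internal-sftp") {
            forced = 1
        }
    }
    END { emit() }'
}

sample_config | audit_chroot
```

An OK result describes the configuration only; as the thread concludes, on Cygwin what the user can actually reach is still determined by the underlying OS permissions.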