Mail Archives: cygwin/2021/01/05/10:03:38

Bill Stewart <bstewart AT iname DOT com> · Tue, 5 Jan 2021 08:02:16 -0700

On Tue, Jan 5, 2021 at 6:34 AM Eliot Moss wrote:

> Is there a Windows equivalent to chroot (either the program or the library/system call)?

See: https://cygwin.com/cygwin-ug-net/highlights.html

Quoting:

"Chroot is supported. Kind of. Chroot is not a concept known by
Windows. This implies some serious restrictions. First of all, the
chroot call isn't a privileged call. Any user may call it. Second, the
chroot environment isn't safe against native windows processes. Given
that, chroot in Cygwin is only a hack which pretends security where
there is none. For that reason the usage of chroot is discouraged.
Don't use it unless you really, really know what you're doing."

What I have found is that the cygwin chroot is not a security boundary
(it seems it is possible for an account to "escape" from the "chroot
jail"). However, whatever account is being used by the cygwin process
is still subject to its rights/permissions in Windows (i.e.,
"escaping" from a "chroot jail" does not give additional rights and/or
permissions to an account that it didn't have before).

Bill
--
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple

X-Recipient:	archive-cygwin AT delorie DOT com
X-Original-To:	cygwin AT cygwin DOT com
Delivered-To:	cygwin AT cygwin DOT com
DMARC-Filter:	OpenDMARC Filter v1.3.2 sourceware.org C53A6388E83E
Authentication-Results:	sourceware.org;
	dmarc=none (p=none dis=none) header.from=iname.com
Authentication-Results:	sourceware.org;
	spf=pass smtp.mailfrom=bstewart AT iname DOT com
DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/simple; d=mail.com;
	s=dbd5af2cbaf7; t=1609858966;
	bh=3/KKKpNrxKNspR98n6tEskK9LDYZg6zI0O/fjby/IVY=;
	h=X-UI-Sender-Class:References:In-Reply-To:From:Date:Subject:To;
	b=iFw6ZN+c9WM+POsQ6pV4ELywXUAMT1ffQL5SCMmv91SE4nGSxsaBKb3YOwOeqP06o
	5Tag1+9Lz6wf4Be3VxryUq55PcMZqIkEZBNtP6eD6vN0TQgxWzq30ROpmY4BLZX712
	w/LU7KEvM+7g07jbgKXr5rRVQOhQm6A4fT2EHdpo=
X-UI-Sender-Class:	214d933f-fd2f-45c7-a636-f5d79ae31a79
X-Gm-Message-State:	AOAM53381P49hG0QtZK0FgLTq/MJRNIo5TYSYfvUCWpPFvus7q/hkvRJ
	/TkcC4v1mAy6tf3lzkA3yi+xhVAzYPNdFpURVfE=
X-Google-Smtp-Source:	ABdhPJxqmBJ3Z3U2zMLu2WPoW8vks8+DWNDneklv3sA/M8jvgqp4PVyrQujTpMSki5bSvw2Sw8Zo/AR0/pp8onkZWtY=
X-Received:	by 2002:a2e:9605:: with SMTP id v5mr9188ljh.81.1609858963833; Tue,
	05 Jan 2021 07:02:43 -0800 (PST)
MIME-Version:	1.0
References:	<48b833bd-547a-92eb-542e-b7da8e0d601b AT interocitors DOT com>
	<9d339f8b-83ff-8b9c-b2fe-1c6fa4b2a92d AT SystematicSw DOT ab DOT ca>
	<472d5b4e-1916-eb79-cf3d-44f43b5f8b5d AT cs DOT umass DOT edu>
In-Reply-To:	<472d5b4e-1916-eb79-cf3d-44f43b5f8b5d@cs.umass.edu>
From:	Bill Stewart <bstewart AT iname DOT com>
Date:	Tue, 5 Jan 2021 08:02:16 -0700
X-Gmail-Original-Message-ID:	<CANV9t=RSdA0NbXNYfbUTB-C-43P5ZZPDEJcOa13zxy3bS=_V5A AT mail DOT gmail DOT com>
Message-ID:	<CANV9t=RSdA0NbXNYfbUTB-C-43P5ZZPDEJcOa13zxy3bS=_V5A@mail.gmail.com>
Subject:	Re: Is it possible to define the root directory in a cross compiled
	program
To:	cygwin AT cygwin DOT com
X-Provags-ID:	V03:K1:CIj39q97pKghkAbfeoGvwOr8Z9rL3PDQR6X/D+eTdD5aBvI1ezE
	SLyOqZmzxEcuIdbis+5Y5MU/YwFCdYBtIXOD1n4AZ3fuW749NN7Rc0Sdfbu3WhNvbUDnpQK
	3xwhZ20HJvrcuCAw5qSMACMwN3mIx9JRWf9JJWpt+SvjmQsSOxPMOoiuqSZtdtzAgcS2GKt
	s7KOUaHIt9WSvYGzdCXVg==
X-UI-Out-Filterresults:	notjunk:1;V03:K0:1ALklyz6+N8=:gEQ3eiqG08vlmHej+M6nsG
	tf48kNl2DqBUe3MsdOMg06FX9g41RFoOkqbrMZID2RJ5ipI3lCDfj/Un3XeH2e1Bmnt1cTtBW
	N7AlUc/46ClrhKjoKqS2fRLfhx+y+cFaN3FU+akW9ZWZsOaQej4hZDXtxAhno6f0duzHBbtQE
	ZXO69daNPfJHQ3o3w2VOAW/wGw119vTQ6QmZhOH9+meuDtwnYikIXaX0R8XEJSosh6wgf3JIQ
	ZUtMOSu6AWLzfufXWIZcohZEF0HkeVZGjU0+WAD2FP6/ct11DYgFi2bv5s8FeHTWwzH1hmVwJ
	84+IFuwlvRY9r9kIzWCc3D8B1d55dk8MXWINaaMVdsrFG06ZQ1bxnkGxhnBeNY62E2qqIXVeT
	FgIwVquXSn1NdQMwTD+WGQ4ZVr1/006iEGUTrXspwAu6sp/tm/rVJWmsNTnvfYjvvs9rj2VmI
	vPx21cDet5LSESfHK/+PyObHc6seuCgQpg1Q6/UWIBHqfV8nLi/C6ooGNDF8Yr7/eWVXDvc6w
	msOTnuY+pZdDiAOpWDSX/ps5SkdslZMagTexnjuspuVsvi7l81ND5qeloASll2JW4/5JgNMqz
	CwbgTaPp4WKyJafEXESIkncuS0EMYaXeGxcLHI6900jb6wFSN3e1SyY1RX6jIKEGeuSMy2HIe
	FrfrQiSnMG3ve40h8QbBypLV5vtRE8Ebv2e1T2UPUvaIfjMa7whHm/ljRfuo3i9UxjOE/qCrz
	UT3SvOYq8bWCFusoxTQsOF23T2QfFMy7EooMnM5/eM9pYab0CvYNFPuHTexLN7/lCknR2VP7Z
	sCabRbzoDzEcixFRbKEMkEnBoCvTggkDjq5WxamvXsWyD1yKAsxtJLXgCjWMWM9xdyWfKQoZk
	qsU+0YkFqGv5IzWWNiaA==
X-Spam-Status:	No, score=-2.4 required=5.0 tests=BAYES_00, DKIM_SIGNED,
	DKIM_VALID, FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, SPF_HELO_NONE, SPF_PASS,
	TXREP autolearn=ham autolearn_force=no version=3.4.2
X-Spam-Checker-Version:	SpamAssassin 3.4.2 (2018-09-13) on
	server2.sourceware.org
X-BeenThere:	cygwin AT cygwin DOT com
X-Mailman-Version:	2.1.29
List-Id:	General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Archive:	<https://cygwin.com/pipermail/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe:	<https://cygwin.com/mailman/listinfo/cygwin>,
	<mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
Sender:	"Cygwin" <cygwin-bounces AT cygwin DOT com>

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019