Message-ID: <49222995.5030609@byu.net>
Date: Mon, 17 Nov 2008 19:33:57 -0700
From: Eric Blake <ebb9@byu.net>
To: cygwin@cygwin.com, idgajelas@yahoo.com
Subject: Re: SFTP doesn't work with ChrootDirectory option set

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

According to TheO on 11/17/2008 2:24 PM:
> Hi,
> 
> I have Cygwin with OpenSSH version 5.1p1-9 installed.
> 
> I managed to make ssh with chroot to work by using ChrootDirectory in sshd_config and copying /bin/bash to the chroot directory.

chroot on cygwin is NOT a security measure; it is just an emulation to
ease porting.  The API exists, and allows cygwin apps to recognize a
different root.  But the fact remains that you can spawn a non-cygwin
program, which doesn't honor the chroot, and all files outside of the
chroot area are once again accessible.  Therefore, if chroot doesn't add
security, then why should ssh, which is all about security, even try to
honor ChrootDirectory?

- --
Don't work too hard, make some time for fun as well!

Eric Blake             ebb9@byu.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)
Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkkiKZUACgkQ84KuGfSFAYDMIQCbBEepLUjJ240okbIMiNLMMkAy
pTUAnRb+554LLKQMKNeZNB+2u7YjIXIG
=50X0
-----END PGP SIGNATURE-----
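
The point made in the reply above, turned into a configuration check. This is an added example, not part of the original message or of Cygwin or OpenSSH: it lists the active ChrootDirectory directives in an sshd_config and flags them when the `uname -s` string identifies a Cygwin host. The function names, the sample config and the `CYGWIN_NT-5.1` platform string are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names, sample config and platform string are constructed.
tab=$(printf '\t')

# Print "LINE<TAB>SCOPE<TAB>PATH" for each active ChrootDirectory directive in the
# sshd_config on stdin. Keywords are case-insensitive; "none" means no chroot.
chroot_entries() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            line = $0; sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
            key = line; sub(/[ \t=].*$/, "", key); key = tolower(key)
            val = line; sub(/^[^ \t=]+[ \t]*=?[ \t]*/, "", val)
            if (key == "match") { scope = "Match " val; next }
            if (key == "chrootdirectory" && tolower(val) != "none")
                printf "%d\t%s\t%s\n", NR, (scope == "" ? "global" : scope), val
        }'
}

# Classify a `uname -s` string: on Cygwin only Cygwin programs honor the chroot.
chroot_verdict() {
    case "$1" in CYGWIN*) echo emulated ;; *) echo native ;; esac
}

# audit_chroot PLATFORM < sshd_config
# Prints one finding per directive; returns 1 when the chroot is only emulated.
audit_chroot() {
    verdict=$(chroot_verdict "$1")
    entries=$(chroot_entries)
    [ -n "$entries" ] || return 0
    [ "$verdict" = emulated ] && tag=WARN || tag=INFO
    printf '%s\n' "$entries" | while IFS="$tab" read -r n scope dir; do
        echo "$tag line $n [$scope]: ChrootDirectory $dir ($verdict chroot)"
    done
    [ "$verdict" = native ]
}

sample_config() {   # constructed sshd_config fragment
    cat <<'EOF'
#ChrootDirectory /old/jail
ChrootDirectory none
Match Group sftponly
    ChrootDirectory /srv/sftp/%u
Match User backup
    chrootdirectory = /srv/backup
EOF
}

sample_config | audit_chroot "CYGWIN_NT-5.1" || true
```

To check a real host, run `audit_chroot "$(uname -s)" < path/to/sshd_config`; a non-zero status means ChrootDirectory is configured but the platform only emulates chroot.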


