X-Recipient: archive-cygwin@delorie.com
X-Spam-Check-By: sourceware.org
References: <664060.6380.qm@web34704.mail.mud.yahoo.com> <49341625.2090804@cygwin.com> <933558.98400.qm@web34705.mail.mud.yahoo.com> <4934527E.2070200@cygwin.com> <961872.64997.qm@web34701.mail.mud.yahoo.com> <493568B8.3010308@cygwin.com> <49376.99112.qm@web34702.mail.mud.yahoo.com> <20081202231141.GA5449@ednor.casa.cgf.cx>
Date: Tue, 2 Dec 2008 16:00:02 -0800 (PST)
From: TheO <idgajelas@yahoo.com>
Subject: Re: Finally managed to create a jailed SFTP server, but how secure?
To: cygwin@cygwin.com
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-ID: <451120.45664.qm@web34703.mail.mud.yahoo.com>
X-IsSubscribed: yes
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com

> 

>
>

Many thanks for all your responses so far and I apologize if I
seem to be very persistent with my questions in this thread. 

Maybe it's my fault to pose a such general question. Maybe I should 
be more specific in my questions, asking many smaller targeted 
questions instead of one big one. 

For example;

- Why does internal-sftp subsystem creates /cygdrive inside the
  jailed directory?
- Who creates it? sshd or internal-sftp?
- Why /cygdrive is needed in the jailed environment?
- What harm can one do via /cygdrive eventhough it looks empty?
- Is it possible to hide it in the jailed environment? How?

- internal-sftp seems to have visibility outside the jail directory
  as it can list the owner and group name of the objects inside the
  jail directory although I haven't copied /etc/passwd and /etc/group
  to the jailed directory.
  How can this be possible?

- If I log on using public key authentication, sshd with its internal-
  sftp embedded in it runs using sshd account (correct me if I'm
  wrong here). But how can it read/write to a directory which does not
  belong to that account and from which I revoked group and other r/w
  rights? 

- etc etc

Maybe if I know the answer to some of these puzzles, I would be able
to figure out better what kind of security I can expect from SFTP on
Cygwin.

Do you think I'd better start 2-3 new threads with specific questions in
each? Or shall I just carry on with this thread.

Your suggestions are always more than welcome in this quest.


      

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/