X-Recipient: archive-cygwin@delorie.com
X-Spam-Check-By: sourceware.org
Date: Wed, 3 Dec 2008 13:27:26 +0100
From: Spiro Trikaliotis <an-cygwin@spiro.trikaliotis.net>
To: cygwin@cygwin.com
Message-ID: <20081203122725.GF26030@trikaliotis.net>
Mail-Followup-To: cygwin@cygwin.com
References: <961872.64997.qm@web34701.mail.mud.yahoo.com> <493568B8.3010308@cygwin.com> <49376.99112.qm@web34702.mail.mud.yahoo.com> <20081202231141.GA5449@ednor.casa.cgf.cx> <451120.45664.qm@web34703.mail.mud.yahoo.com> <4935DD4B.7050907@cygwin.com> <690548.2534.qm@web34702.mail.mud.yahoo.com> <af075b00812030245m2b64cae2q4601c63424da611@mail.gmail.com> <49366705.5D2D6371@dessent.net> <af075b00812030338m3708cadv40a62bdde5a2340d@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <af075b00812030338m3708cadv40a62bdde5a2340d@mail.gmail.com>
User-Agent: Mutt/1.5.17+20080114 (2008-01-14)
X-SA-Exim-Connect-IP: 87.163.227.124
X-SA-Exim-Mail-From: an-cygwin@spiro.trikaliotis.net
Subject: Re: Finally managed to create a jailed SFTP server, but how secure?
X-SA-Exim-Version: 4.2.1 (built Tue, 09 Jan 2007 17:23:22 +0000)
X-SA-Exim-Scanned: Yes (on mail.trikaliotis.net)
X-IsSubscribed: yes
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie.com@cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com

Hello Julia,

* On Wed, Dec 03, 2008 at 11:38:20AM +0000 Julio Emanuel wrote:
> On Wed, Dec 3, 2008 at 11:01 AM, Brian Dessent <brian@dessent.net> wrote:

> > This is not valid reasoning, as Eric Blake already pointed out you can
> > still access files outside of a chroot even if you're still going
> > through the Cygwin DLL by using Win32 style pathnames since Cygwin
> > passes those through untouched.
> 
> Aha! So this is the tiny bit that was missing!

It was already mentioned elsethread.

[...]

> I known that it is an ugly solution, but surely it would settle the
> worries for this specific (but more and more frequent) chrooted sftp
> scenario.

But the problem here is: This is just one single problem instance that
would (or might) have been fixed. No-one ever cared to check if there
are other possibilities. In order to be safe, you would have to audit
all relevant parts to find out if there might be other attack vectors.

And from the answers, it is clear that no-one of the cygwin developers
will take that route, as it is not the aim of the project. Like it or
not, but that's how it is currently.

Best regards,
Spiro.

-- 
Spiro R. Trikaliotis                              http://opencbm.sf.net/
http://www.trikaliotis.net/                     http://www.viceteam.org/

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/