X-Recipient: archive-cygwin@delorie.com X-Spam-Check-By: sourceware.org References: <493568B8.3010308@cygwin.com> <49376.99112.qm@web34702.mail.mud.yahoo.com> <20081202231141.GA5449@ednor.casa.cgf.cx> <451120.45664.qm@web34703.mail.mud.yahoo.com> <4935DD4B.7050907@cygwin.com> <690548.2534.qm@web34702.mail.mud.yahoo.com> <4936FEA1.705@cygwin.com> <828494.98789.qm@web34707.mail.mud.yahoo.com> <5E25AF06EFB9EA4A87C19BC98F5C87530208D531@core-email.int.ascribe.com> <20081205141443.GS12905@calimero.vinschen.de> Date: Fri, 5 Dec 2008 12:14:44 -0800 (PST) From: TheO Subject: Re: Finally managed to create a jailed SFTP server, but how secure? To: cygwin@cygwin.com MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Message-ID: <696330.68596.qm@web34703.mail.mud.yahoo.com> X-IsSubscribed: yes Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Delivered-To: mailing list cygwin@cygwin.com > > THis isn't a question of being good or badly implemented, it's the > simple fact that it doesn't (and can't) provide what people think it > does. Chroot is a bad fake on Cygwin. Even a super cool implementation > doesn't change that. > I don't know how chroot is implemented but so far everything looks fine Corinna. Normal files in C: drive are not visible because they would have to be mapped to /cygdrive/c/xxx first (and /cygdrive/c doesn't exist). I think the only possibility too see out of jail is by accessing Windows special file names like COM1, LPT1 or pipe names. But this is inherent to "Cygwin over Windows" filesystem not just to chroot. Fortunately I can live without COM1 or LPT1 (I can remove or disable them). -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/