References: <48b833bd-547a-92eb-542e-b7da8e0d601b@interocitors.com>
 <9d339f8b-83ff-8b9c-b2fe-1c6fa4b2a92d@SystematicSw.ab.ca>
 <472d5b4e-1916-eb79-cf3d-44f43b5f8b5d@cs.umass.edu>
In-Reply-To: <472d5b4e-1916-eb79-cf3d-44f43b5f8b5d@cs.umass.edu>
From: Bill Stewart <bstewart@iname.com>
Date: Tue, 5 Jan 2021 08:02:16 -0700
Message-ID: <CANV9t=RSdA0NbXNYfbUTB-C-43P5ZZPDEJcOa13zxy3bS=_V5A@mail.gmail.com>
Subject: Re: Is it possible to define the root directory in a cross compiled
 program
To: cygwin@cygwin.com
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Archive: <https://cygwin.com/pipermail/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-request@cygwin.com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin>,
 <mailto:cygwin-request@cygwin.com?subject=subscribe>

On Tue, Jan 5, 2021 at 6:34 AM Eliot Moss wrote:

> Is there a Windows equivalent to chroot (either the program or the library/system call)?

See: https://cygwin.com/cygwin-ug-net/highlights.html

Quoting:

"Chroot is supported. Kind of. Chroot is not a concept known by
Windows. This implies some serious restrictions. First of all, the
chroot call isn't a privileged call. Any user may call it. Second, the
chroot environment isn't safe against native windows processes. Given
that, chroot in Cygwin is only a hack which pretends security where
there is none. For that reason the usage of chroot is discouraged.
Don't use it unless you really, really know what you're doing."

What I have found is that the Cygwin chroot is not a security boundary
(it seems it is possible for an account to "escape" from the "chroot
jail"). However, whatever account is being used by the Cygwin process
is still subject to its rights/permissions in Windows (i.e.,
"escaping" from a "chroot jail" does not give additional rights and/or
permissions to an account that it didn't have before).

Bill
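
A defensive probe for the point quoted above, added here as an example and not code from this post or from Cygwin: it checks at run time whether chroot() is refused for an unprivileged caller, so a program can decline to treat chroot as confinement on platforms where any user may call it. The names probe_chroot, chroot_usable_as_boundary and the three-state result are this example's own; it assumes a POSIX environment with fork().

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Declared explicitly: strict -std= modes can hide it in <unistd.h>. */
extern int chroot(const char *path);

enum chroot_probe {
    CHROOT_UNKNOWN = -1,      /* probe could not decide */
    CHROOT_PRIVILEGED = 0,    /* unprivileged call refused: OS enforces it */
    CHROOT_UNPRIVILEGED = 1   /* any user may call it, as the Cygwin docs describe */
};

/* Try chroot("/") in a throwaway child so the caller's own root never changes. */
enum chroot_probe probe_chroot(void)
{
    if (geteuid() == 0)
        return CHROOT_UNKNOWN;          /* success as root proves nothing */
    pid_t pid = fork();
    if (pid < 0)
        return CHROOT_UNKNOWN;
    if (pid == 0) {
        if (chroot("/") == 0)
            _exit(1);                   /* succeeded without privilege */
        _exit(errno == EPERM ? 0 : 2);  /* EPERM: the kernel demands privilege */
    }
    int status;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return CHROOT_UNKNOWN;
    switch (WEXITSTATUS(status)) {
    case 0:  return CHROOT_PRIVILEGED;
    case 1:  return CHROOT_UNPRIVILEGED;
    default: return CHROOT_UNKNOWN;
    }
}

/* Policy helper: consider chroot for confinement only if an unprivileged call is refused. */
int chroot_usable_as_boundary(void)
{
    return probe_chroot() == CHROOT_PRIVILEGED;
}

int main(void)
{
    static const char *const msg[] = { "undetermined", "privileged", "unprivileged" };
    printf("chroot here is %s; rely on it as a boundary: %s\n",
           msg[probe_chroot() + 1], chroot_usable_as_boundary() ? "yes" : "no");
    return 0;
}
```

When run as root the probe reports "undetermined" by design, since a successful chroot by root says nothing about whether the call is privileged.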
