Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
X-Authentication-Warning: slinky.cs.nyu.edu: pechtcha owned process doing -bs
Date: Thu, 17 Jun 2004 19:37:36 -0400 (EDT)
From: Igor Pechtchanski <pechtcha AT cs DOT nyu DOT edu>
Reply-To: cygwin AT cygwin DOT com
To: "Andreas v. Rosen" <andreas AT von-rosen DOT org>
cc: cygwin AT cygwin DOT com
Subject: Re: michael's openssh for windows
In-Reply-To: <40D2446C.9426.14C9116B@localhost>
Message-ID: <Pine.GSO.4.58.0406171928390.3356@slinky.cs.nyu.edu>
References: <40D2446C DOT 9426 DOT 14C9116B AT localhost>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Scanned-By: MIMEDefang 2.39

Andreas,

It's usually a good idea to send your Cygwin-related questions to the
Cygwin mailing list instead of via private mail.  Not only will you get
access to the combined expertise of the list, which is more than any one
person can provide, but your questions (and answers to them) will be
archived so that others with similar problems can find them by searching
the web archives.  I'm redirecting this reply to the list, and setting the
Reply-To header accordingly.

More below.

On Fri, 18 Jun 2004, Andreas v. Rosen wrote:

> Hi Igor, Johnny, Mark,
>
> I read your thread
> (http://www.cygwin.com/ml/cygwin/2003-08/msg00695.html) on setting up
> sftp in a chroot environment and tried the same.
>
> I got it working nicely and was really pleased until I found out that I
> can use the sftp client to break out into a shell and e.g. list my
> "hidden" directories. "!/usr/bin/ls -la /cygdrive/d" did the trick.
>
> Did I miss something here? Do you know about this problem?
>
> rgds
> Andreas

I don't recall the thread, but I suppose the above hole in chroot is due
to the fact that Cygwin's mounts aren't really part of the filesystem (the
way they are in Unix), and so chroot doesn't know to guard against them.
The proper fix would probably be to fix chroot (if at all possible).
However, a workaround might be to create a user that has no mounts other
than the essential ones (e.g., "nobody" or "ftp"), and switch to that user
after chroot'ing.  Also, one more thing to try is create the actual
/cygdrive directory, which may make chroot restrict the access to anything
under that...
HTH,
	Igor
-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_		pechtcha AT cs DOT nyu DOT edu
ZZZzz /,`.-'`'    -.  ;-;;,_		igor AT watson DOT ibm DOT com
     |,4-  ) )-,_. ,\ (  `'-'		Igor Pechtchanski, Ph.D.
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"I have since come to realize that being between your mentor and his route
to the bathroom is a major career booster."  -- Patrick Naughton

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/