X-Recipient: archive-cygwin AT delorie DOT com
X-Spam-Check-By: sourceware.org
X-YMail-OSG: 41fLJU0VM1kUZkLz28oMPG8EzhVDz.m0PCHYJZMDdIYFs7tC2V4uE31fGCsWXJL1Df9ndgUpv_xb5t9QOavDoaG8Pbs8WpUK9FIadCGJYuTfdaTgrHDj7JKVa.FZhLyfTEvwkiHQWqN1b1SKaZZ0Jvp4vg.znmrYoZYC5pH_aLEZz9GP3kMcgjRJIX.t
X-Mailer: YahooMailWebService/0.7.260.1
Date: Wed, 19 Nov 2008 02:14:36 -0800 (PST)
From: TheO <idgajelas AT yahoo DOT com>
Subject: Re: SFTP doesn't work with ChrootDirectory option set
To: cygwin AT cygwin DOT com
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-ID: <316280.608.qm@web34701.mail.mud.yahoo.com>
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

Hi again,

Actually I am newbie to cygwin and this mailing list so first, please excuse my ignorance.

I just want to know whether this ChrootDirectory option is currently unsupported in cygwin SSH or is it just me who don't know how to use it? I googled about this particular issue and saw that there was a way to jail SFTP users in different flavors of Unix but I couldn't find a particular article which explicitely talked about cygwin port of OpenSSH.

And if it is really unsupported, what does one do usually in order to get the attention of Cygwin contributors? Is there any kind of cygwin wish list which I can participate in?

Thanks in advance.

--- On Mon, 11/17/08, Eric Blake <ebb9 AT byu DOT net> wrote:
From: Eric Blake
Subject: Re: SFTP doesn't work with ChrootDirectory option set
To: cygwin, idgajelas
Date: Monday, November 17, 2008, 9:33 PM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

According to TheO on 11/17/2008 2:24 PM:
> Hi,
> 
> I have Cygwin with OpenSSH version 5.1p1-9 installed.
> 
> I managed to make ssh with chroot to work by using ChrootDirectory in
sshd_config and copying /bin/bash to the chroot directory.

chroot on cygwin is NOT a security measure; it is just an emulation to
ease porting.  The API exists, and allows cygwin apps to recognize a
different root.  But the fact remains that you can spawn a non-cygwin
program, which doesn't honor the chroot, and all files outside of the
chroot area are once again accessible.  Therefore, if chroot doesn't add
security, then why should ssh, which is all about security, even try
 to
honor ChrootDirectory?

- --
Don't work too hard, make some time for fun as well!

Eric Blake             ebb9 AT byu DOT net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)
Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkkiKZUACgkQ84KuGfSFAYDMIQCbBEepLUjJ240okbIMiNLMMkAy
pTUAnRb+554LLKQMKNeZNB+2u7YjIXIG
=50X0
-----END PGP SIGNATURE-----



      

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/