Date: Wed, 3 Dec 2008 11:38:20 +0000
From: "Julio Emanuel"
To: cygwin AT cygwin DOT com
Subject: Re: Finally managed to create a jailed SFTP server, but how secure?
In-Reply-To: <49366705.5D2D6371@dessent.net>

On Wed, Dec 3, 2008 at 11:01 AM, Brian Dessent wrote:
> Julio Emanuel wrote:
>
>> 4) Only commands compiled for Cygwin, AND accessing the file system
>> exclusively through the Cygwin POSIX interfaces can (and will) obey
>> the chroot settings;
>
> This is not valid reasoning, as Eric Blake already pointed out you can
> still access files outside of a chroot even if you're still going
> through the Cygwin DLL by using Win32 style pathnames since Cygwin
> passes those through untouched.

Aha! So this is the tiny bit that was missing! What you are saying is
that the Cygwin DLL does not honor the chroot if the path is in WIN32
format? But why is that? Shouldn't it honor the chroot all the time?
I mean, this sounds like the "right thing to do"(tm), if Cygwin is
supposed to fully support chroot environments...

> Whether or not you can trick the sftp
> code into letting such a filename through remains to be seen, but the
> point here is that just because the access occurs via the Cygwin API
> doesn't mean the chroot is absolute.

Right. Point taken. Although, this could be answered with a patch (an
ugly-cygwin-only patch) to the sftp/sshd package to filter all the
Windowish file paths that came across, right? I know that it is an
ugly solution, but surely it would settle the worries for this
specific (but more and more frequent) chrooted sftp scenario.

>
> Brian
>
> --
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
> Problem reports: http://cygwin.com/problems.html
> Documentation: http://cygwin.com/docs.html
> FAQ: http://cygwin.com/faq/
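
The path filter proposed in the message above, sketched as an added example (not part of the original post and not code from OpenSSH or Cygwin): a C check that refuses Windows-style path strings before they are used. The function name, the sample paths and the three rules (drive prefix, backslash, leading double slash) are assumptions about what counts as a Win32-style path here.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Why a client-supplied path string is refused; PATH_OK means it passed. */
enum path_verdict {
    PATH_OK = 0,
    PATH_EMPTY,        /* NULL or empty string */
    PATH_DRIVE,        /* starts with a drive specifier such as C: */
    PATH_BACKSLASH,    /* contains a backslash, e.g. \\server\share */
    PATH_DOUBLE_SLASH  /* starts with //, the forward-slash UNC form */
};

/* Hypothetical helper: classify one path taken from an SFTP request.
 * The rules are assumptions; a POSIX name such as "a:b" is refused
 * too, which is the price of a simple prefix test. */
enum path_verdict check_sftp_path(const char *path)
{
    if (path == NULL || path[0] == '\0')
        return PATH_EMPTY;
    if (isalpha((unsigned char)path[0]) && path[1] == ':')
        return PATH_DRIVE;
    if (strchr(path, '\\') != NULL)
        return PATH_BACKSLASH;
    if (path[0] == '/' && path[1] == '/')
        return PATH_DOUBLE_SLASH;
    return PATH_OK;
}

int main(void)
{
    /* Constructed sample request paths, not taken from the thread. */
    const char *const samples[] = {
        "/home/user/report.txt", "upload/data.bin", "C:\\data\\file.txt",
        "c:/data", "\\\\server\\share\\f", "//server/share/f", ""
    };
    size_t n = sizeof samples / sizeof samples[0];
    for (size_t i = 0; i < n; i++)
        printf("%-24s -> %d\n", samples[i], check_sftp_path(samples[i]));
    return 0;
}
```

A deny-list like this only covers the path forms it names; it does not make the chroot itself absolute.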