X-Recipient: archive-cygwin AT delorie DOT com
X-Spam-Check-By: sourceware.org
X-Authority-Analysis: v=1.0 c=1 a=qdHvlqEE0G4A:10 a=iIAewln5wGcA:10  a=xe8BsctaAAAA:8 a=KPTAIJnNl7G7Ls2mWMcA:9 a=HLbBQ-4AHwTsnaV_UZWlo3VWlWsA:4  a=eDFNAWYWrCwA:10 a=rPt6xJ-oxjAA:10
Message-ID: <49368C19.3060705@byu.net>
Date: Wed, 03 Dec 2008 06:39:37 -0700
From: Eric Blake <ebb9 AT byu DOT net>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.18) Gecko/20081105 Thunderbird/2.0.0.18 Mnenhy/0.7.5.666
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: Finally managed to create a jailed SFTP server, but how secure?
References: <664060 DOT 6380 DOT qm AT web34704 DOT mail DOT mud DOT yahoo DOT com>   <933558 DOT 98400 DOT qm AT web34705 DOT mail DOT mud DOT yahoo DOT com>   <4934527E DOT 2070200 AT cygwin DOT com>   <961872 DOT 64997 DOT qm AT web34701 DOT mail DOT mud DOT yahoo DOT com>   <493568B8 DOT 3010308 AT cygwin DOT com>   <49376 DOT 99112 DOT qm AT web34702 DOT mail DOT mud DOT yahoo DOT com>   <20081202231141 DOT GA5449 AT ednor DOT casa DOT cgf DOT cx>   <451120 DOT 45664 DOT qm AT web34703 DOT mail DOT mud DOT yahoo DOT com>   <4935DD4B DOT 7050907 AT cygwin DOT com>   <690548 DOT 2534 DOT qm AT web34702 DOT mail DOT mud DOT yahoo DOT com> <af075b00812030245m2b64cae2q4601c63424da611 AT mail DOT gmail DOT com> <49366705 DOT 5D2D6371 AT dessent DOT net> <940072 DOT 24685 DOT qm AT web34702 DOT mail DOT mud DOT yahoo DOT com> <49368561 DOT A8EAD4CF AT dessent DOT net> <371457 DOT 93288 DOT qm AT web34704 DOT mail DOT mud DOT yahoo DOT com>
In-Reply-To: <371457.93288.qm@web34704.mail.mud.yahoo.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

According to TheO on 12/3/2008 6:29 AM:
>> No, we mean "get c:/dir/file" or "get c:\dir\file". (or "put
>> //hostname/share/file", shudder.)
>>
> 
> This is what I get:
> 
>     sftp> cd C:/
>     Couldn't canonicalise: No such file or directory

That's with /.  What about with \?  The cygwin dll sometimes treats the
two separators differently, where using \ is more likely to bypass cygwin
checks.

And what about Brian's other point - if sshd has a security bug like a
buffer overrun (shudder, but possible - look at how often openssh has been
updated over the years to fix security holes as soon as someone identifies
one), then the attacker merely need exploit the buffer overrun to inject
code that calls a native Windows API.  Harder to exploit?  Yes.  But
certainly _much_ more of a worry than whether or not you have hidden
undesirable file names from honest users.

- --
Don't work too hard, make some time for fun as well!

Eric Blake             ebb9 AT byu DOT net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)
Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkk2jBkACgkQ84KuGfSFAYAZqQCeOq4Xd19ThRoXeKNRnEmJKhRZ
mDEAoJ2UdYEHXhYBLfKWrzvuhQbWXCyN
=ttsH
-----END PGP SIGNATURE-----

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/