X-Recipient: archive-cygwin AT delorie DOT com
X-Spam-Check-By: sourceware.org
Message-ID: <20815125.post@talk.nabble.com>
Date: Wed, 3 Dec 2008 07:30:08 -0800 (PST)
From: Eric Blake <ebb9 AT byu DOT net>
To: cygwin AT cygwin DOT com
Subject: Re: Finally managed to create a jailed SFTP server, but how secure?
In-Reply-To: <378707.37220.qm@web34701.mail.mud.yahoo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
References: <664060 DOT 6380 DOT qm AT web34704 DOT mail DOT mud DOT yahoo DOT com> <49341625 DOT 2090804 AT cygwin DOT com> <933558 DOT 98400 DOT qm AT web34705 DOT mail DOT mud DOT yahoo DOT com> <4934527E DOT 2070200 AT cygwin DOT com> <961872 DOT 64997 DOT qm AT web34701 DOT mail DOT mud DOT yahoo DOT com> <493568B8 DOT 3010308 AT cygwin DOT com> <49376 DOT 99112 DOT qm AT web34702 DOT mail DOT mud DOT yahoo DOT com> <20081202231141 DOT GA5449 AT ednor DOT casa DOT cgf DOT cx> <451120 DOT 45664 DOT qm AT web34703 DOT mail DOT mud DOT yahoo DOT com> <4935DD4B DOT 7050907 AT cygwin DOT com> <690548 DOT 2534 DOT qm AT web34702 DOT mail DOT mud DOT yahoo DOT com> <af075b00812030245m2b64cae2q4601c63424da611 AT mail DOT gmail DOT com> <49366705 DOT 5D2D6371 AT dessent DOT net> <940072 DOT 24685 DOT qm AT web34702 DOT mail DOT mud DOT yahoo DOT com> <49368561 DOT A8EAD4CF AT dessent DOT net> <371457 DOT 93288 DOT qm AT web34704 DOT mail DOT mud DOT yahoo DOT com> <49368C19 DOT 3060705 AT byu DOT net> <378707 DOT 37220 DOT qm AT web34701 DOT mail DOT mud DOT yahoo DOT com>
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com


> > And what about Brian's other point - if sshd has a security bug like a
> > buffer overrun (shudder, but possible - look at how often openssh has
> been
> > updated over the years to fix security holes as soon as someone
> identifies
> > one)
> 
> Such hole would affect all OpenSSH implementation. Even the Linux version.
> Am I correct?

On one level, yes - if the bug is in the sshd code, then there is
a good chance all OpenSSH ports would have the same buffer
overflow bug (unless the bug is in a platform-dependent #ifdef
section).  But on another level, _no_, and that is what we are
trying to tell you.  On Linux, if someone can exploit a buffer
overflow, ALL they can corrupt is the chroot jail - the rest of
your system is _untouched_.  On Cygwin, if someone can
exploit a buffer overflow, the ENTIRE OS is up for grabs, and
they can alter any file they want, because the OS is not
enforcing a chroot jail.

One other point: on Cygwin, you have the potential for a
buffer overflow in cygwin1.dll (we hope not, but it is
possible), which could mean that the cygwin sshd is
vulnerable based on the .dll it links against while the same
version of sshd on Linux is secure.  I suppose the converse
is true - a buffer overflow in glibc could make the Linux
sshd vulnerable while the Cygwin version is fine; but
remember that more people tend to audit glibc code than
cygwin code.

-- 
Eric Blake

-- 
View this message in context: http://www.nabble.com/Finally-managed-to-create-a-jailed-SFTP-server%2C-but-how-secure--tp20775267p20815125.html
Sent from the Cygwin list mailing list archive at Nabble.com.


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/