X-Recipient: archive-cygwin AT delorie DOT com X-Spam-Check-By: sourceware.org Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Subject: RE: Finally managed to create a jailed SFTP server, but how secure? Date: Fri, 5 Dec 2008 02:24:15 -0000 Message-ID: <5E25AF06EFB9EA4A87C19BC98F5C87530208D531@core-email.int.ascribe.com> In-Reply-To: <828494.98789.qm@web34707.mail.mud.yahoo.com> References: <664060 DOT 6380 DOT qm AT web34704 DOT mail DOT mud DOT yahoo DOT com> <49341625 DOT 2090804 AT cygwin DOT com> <933558 DOT 98400 DOT qm AT web34705 DOT mail DOT mud DOT yahoo DOT com> <4934527E DOT 2070200 AT cygwin DOT com> <961872 DOT 64997 DOT qm AT web34701 DOT mail DOT mud DOT yahoo DOT com> <493568B8 DOT 3010308 AT cygwin DOT com> <49376 DOT 99112 DOT qm AT web34702 DOT mail DOT mud DOT yahoo DOT com> <20081202231141 DOT GA5449 AT ednor DOT casa DOT cgf DOT cx> <451120 DOT 45664 DOT qm AT web34703 DOT mail DOT mud DOT yahoo DOT com> <4935DD4B DOT 7050907 AT cygwin DOT com> <690548 DOT 2534 DOT qm AT web34702 DOT mail DOT mud DOT yahoo DOT com> <4936FEA1 DOT 705 AT cygwin DOT com> <828494 DOT 98789 DOT qm AT web34707 DOT mail DOT mud DOT yahoo DOT com> From: "Phil Betts" To: Reply-To: X-IsSubscribed: yes Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id mB52P9VJ002486 TheO wrote on Thursday, December 04, 2008 4:48 PM:: >>> I understand why all these virtual directories are necessary at the >>> absolute '/' root level. But here I refer to /cygdrive which is >>> created inside the jail directory, which means in absolute path, >>> /jail/cygdrive (/jail being the root >> of my jail). Inside the jail, only /cygdrive is created, no other >> virtual directories (/proc or /dev/xxx) or files are created. >> >> Created or not, they exist. Try it. >> > > I tried it from jailed SFTP session: > > sftp> cd /dev > Couldn't canonicalise: No such file or directory > sftp> cd /proc > Couldn't canonicalise: No such file or directory > > They don't exist. You also need to try symlinks that point outside the "jail". Try creating them both from the shell and within SFTP. You should also check that non-interactive SFTP observes the jail (that is specifying the file to transfer on the command line). Frankly, there are loads of things that you would need to test and you can never be sure you've checked all possible mechanisms. Given that the chroot jail is really an open prison under Windows, one has to wonder if it's worth the effort, and what you have proved if all of your tests have passed. The best you can say is that you are protected against inadvertent access and (possibly) someone casually poking around. Don't forget that even if you decide SFTP is "secure enough", you need to consider the system as a whole. One of the problems with Windows' security in general is the number of open ports and services that are running. If unauthorized users are able to gain access to the system via any other route, then any security SFTP gives you is totally illusory. You would really need an external, aggressive firewall to be sure that the only possible external access was via SFTP. You can't rely on just disabling services, because I have known them to become enabled again after installing updates (thanks MS!) Phil -- This email has been scanned by Ascribe PLC using Microsoft Antigen for Exchange. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/