X-Recipient: archive-cygwin AT delorie DOT com
X-Spam-Check-By: sourceware.org
Date: Fri, 5 Dec 2008 11:46:39 -0800 (PST)
From: TheO <idgajelas AT yahoo DOT com>
Subject: Re: Finally managed to create a jailed SFTP server, but how secure?
To: cygwin AT cygwin DOT com
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-ID: <166589.77178.qm@web34704.mail.mud.yahoo.com>
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

> 
> From what we've seen so far, it seems that SFTP responds as expected.
> That is all that I want to know.
> From this point forward, we must try to close all other access ways
> that does not belong to the scenario... but those are not excuses to
> not implement the SFTP chroot.
> 

Actually, my real case is even simpler than this. My SFTP users are all "friendly", 
they are not unknown to me. It is a cooperative environment and to be honest, I 
don't believe that they would harm my system by hacking into it.

But I don't want them to poke around and see the content of other directories which
do not concern them, read my config files, see who other users are or list the content
of my C: drive, ...

Yes so far the set up looks as expected. However, I would have preferred better if
/cygdrive was not visible too even if they can't do anything with it. Ideally there
should not be anything which could give them any hint on the type of my platform.

I don't know who creates /cygdrive here. It is not required in this chroot'ed 
environment. My guess, it is created by sftp-server at start up (regardless whether
it runs under chroot'ed environment or not). Maybe someone can confirm this better than
me.



One more thing to add.

According to its RFC (4254), once a session is established, SSH allows the client to specify
anycommand to execute or any subsystem to be spawned on the server side.

But I think I am safe here too because;

1. I only put sftp subsystem in the sshd_config so any other subsystem request will fail.
2. No command can be executed since it requires /bin/bash (or another shell as defined by
   /etc/passwd) to be present in the jail.


      

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/