Date: Fri, 05 Dec 2008 16:18:14 -0500
From: Roger Wells
To: cygwin AT cygwin DOT com
Subject: Re: Finally managed to create a jailed SFTP server, but how secure?

TheO wrote:
>> From what we've seen so far, it seems that SFTP responds as expected.
>> That is all that I want to know.
>> From this point forward, we must try to close all other access ways
>> that does not belong to the scenario... but those are not excuses to
>> not implement the SFTP chroot.
>>
>>
>
> Actually, my real case is even simpler than this. My SFTP users are all "friendly",
> they are not unknown to me. It is a cooperative environment and to be honest, I
> don't believe that they would harm my system by hacking into it.
>
> But I don't want them to poke around and see the content of other directories which
> do not concern them, read my config files, see who other users are or list the content
> of my C: drive, ...
>
> Yes so far the set up looks as expected. However, I would have preferred better if
> /cygdrive was not visible too even if they can't do anything with it. Ideally there
> should not be anything which could give them any hint on the type of my platform.
>
>

If you are concerned about the "cygdrive" text there is a registry entry where you can set that to whatever you want including "". That is what I do. I would tell you what it is but my Windows machine is not here right now. Then when you "ls /" you get /c, /d etc instead of /cygdrive/c, /cygdrive/d, etc.

cheers,
roger wells

> I don't know who creates /cygdrive here. It is not required in this chroot'ed
> environment. My guess, it is created by sftp-server at start up (regardless whether
> it runs under chroot'ed environment or not). Maybe someone can confirm this better than
> me.
>
>
>
> One more thing to add.
>
> According to its RFC (4254), once a session is established, SSH allows the client to specify
> any command to execute or any subsystem to be spawned on the server side.
>
> But I think I am safe here too because;
>
> 1. I only put sftp subsystem in the sshd_config so any other subsystem request will fail.
> 2. No command can be executed since it requires /bin/bash (or another shell as defined by
> /etc/passwd) to be present in the jail.
>

--
Roger Wells, P.E.
SAIC
221 Third St
Newport, RI 02840
401-847-4210 (voice)
401-849-1585 (fax)
roger DOT k DOT wells AT saic DOT com

--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
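
The two conditions listed at the end of the quoted message (only the sftp subsystem is declared in sshd_config, and no login shell named in /etc/passwd exists inside the jail) can be checked mechanically. The Python below is an added example, not part of the original thread; the function names and the sample config and passwd contents are constructed for illustration, and it checks only those two conditions.

```python
import os
import tempfile

def declared_subsystems(sshd_config_text):
    """Map subsystem name -> command for each Subsystem line (keyword is case-insensitive)."""
    subsystems = {}
    for raw in sshd_config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[0].lower() == "subsystem":
            subsystems[parts[1]] = parts[2]
    return subsystems

def shells_in_jail(passwd_text, jail_root):
    """Return the login shells (last passwd field) that exist under jail_root."""
    present = set()
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 7 or not fields[-1]:
            continue
        rel = fields[-1].lstrip("/")
        # Cygwin resolves /bin/bash to bash.exe, so check both spellings.
        for name in (rel, rel + ".exe"):
            if os.path.isfile(os.path.join(jail_root, name)):
                present.add(fields[-1])
    return sorted(present)

def audit(sshd_config_text, passwd_text, jail_root):
    """Return a list of findings; an empty list means both conditions hold."""
    findings = []
    for name in sorted(declared_subsystems(sshd_config_text)):
        if name != "sftp":
            findings.append("extra subsystem declared: " + name)
    for shell in shells_in_jail(passwd_text, jail_root):
        findings.append("login shell present in jail: " + shell)
    return findings

# Constructed sample inputs (not taken from the thread).
SAMPLE_CONFIG = "Port 22\n# Subsystem old /bin/old\nsubsystem sftp /usr/sbin/sftp-server\n"
SAMPLE_PASSWD = "alice:unused:1001:513:Alice:/home/alice:/bin/bash\n"

def demo():
    """Audit an empty jail, then the same jail after a bash.exe appears in it."""
    with tempfile.TemporaryDirectory() as jail:
        before = audit(SAMPLE_CONFIG, SAMPLE_PASSWD, jail)
        os.makedirs(os.path.join(jail, "bin"))
        open(os.path.join(jail, "bin", "bash.exe"), "w").close()
        after = audit(SAMPLE_CONFIG, SAMPLE_PASSWD, jail)
    return before, after
```

Re-running such a check after any change to the jail contents catches a shell binary that was copied in later.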