X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:references:in-reply-to:from:date
	:message-id:subject:to:content-type; q=dns; s=default; b=EgB1v1f
	/Pr0yrXFn1rNIdLx7zfueZYXZho2z2//mWxO6TXIG5NDH++5b3y6iKNa18P2VgDV
	7Fkd6RWo78OBPRVGyl1+BMW8trJSy7oE/BUVM0dQ9u4Qnnas+z0jGu8BsEexG5f/
	wxGOYriSO6Uv/ybVwy+Mnb4nddk38dT+gLEI=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:references:in-reply-to:from:date
	:message-id:subject:to:content-type; s=default; bh=NTyzWXPdxGpp/
	xP0q1eCGy6t1Pg=; b=Euii13rsn/oMsdDzHf9zkL1t76C6WdlhOCazH1t2E+gUS
	didBFU+ANphEYy4GHhQPwLwIKtTlIVo2+OZqLmpkmuASpHL6E7RiiIrJrIwpcaVh
	KfHDFxjdewoMTTIN5VF3qMp+YHMwRP0ARQCb8O0NxgIjy2LULIlo3GXStlF5Bw=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=ham version=3.3.1 spammy=accomplish, H*c:alternative, password, she
X-HELO: mout.gmx.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mail.com;	s=dbd5af2cbaf7; t=1552489931;	bh=36uKm20HaIbJNbtf+6Qe1K34CBxtY1qqItA410m4LaA=;	h=X-UI-Sender-Class:References:In-Reply-To:From:Date:Subject:To;	b=IgIhq0TeL/LG6yEyEjYxyVC4fWUHzSPAX9pwCvWipFdSj2eQ245Qb8jxAYfjZG5Nj	 WxWwfYJsR9RnFcTLFZa8efSGT7l99ROxJ/iC6vca3NJnf00LnKW56BRhwPYD4n3k7B	 F7xjl496Ny4bKHf7272WsC8XIt85bzGhCbm3v8Cc=
X-UI-Sender-Class: 214d933f-fd2f-45c7-a636-f5d79ae31a79
MIME-Version: 1.0
References: <CANV9t=S6LFnDSKiJsL3GpjLNC+srJCAgkScZTiG0yAbxq3b40A AT mail DOT gmail DOT com> <CANV9t=SWJ_65Y7jgqgDzNkaUPh1YCHfibp6vb+tmvg-wKtPLyQ AT mail DOT gmail DOT com> <20190313085650 DOT GS3785 AT calimero DOT vinschen DOT de>
In-Reply-To: <20190313085650.GS3785@calimero.vinschen.de>
From: Bill Stewart <bstewart AT iname DOT com>
Date: Wed, 13 Mar 2019 09:11:42 -0600
Message-ID: <CANV9t=Q=HDAoVxjvSp9EqX0GttwxZLW6=OxO6o4eLzs8mejFRQ@mail.gmail.com>
Subject: Re: sshd privsep user still required?
To: cygwin AT cygwin DOT com
Content-Type: text/plain; charset="UTF-8"
X-IsSubscribed: yes

On Wed, Mar 13, 2019 at 2:57 AM Corinna Vinschen wrote:

> > a) Why is it necessary to specify SYSTEM as user number 0 in the
> > /etc/password file?
> >
> > b) Why is the sshd account required?
>
> sshd checks for uid 0 and requires the sshd account when chroot is
> requested.
>
> > c) Why are /cygdrive and /dev directories visible when connecting using
a
> > sftp client?
>
> The Cygwin chroot implementation is pure fake.  It's not backed by the
> OS and it's failry easy to break out of the jail.  As such, the chroot
> implementation is deprecated and only kept for backward compatibility.
> I suggest not to use it.  It gives a wrong sense of security.

Right: I totally understand that Cygwin's chroot implementation does not
add any security (because chroot doesn't exist natively on Windows).

However: It's still the case that the user cannot bypass OS security even
if he or she "escapes" from the jail, right?

My goal is to restrict sftp browsing on the client side.

Using ChrootDirectory with "ForceCommand internal-sftp" in sshd_config
seems to accomplish this.

Is this not correct?

Bill

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple