X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=xDe9TCGMHmVvx8dguwlmHVpDhMUgA/AYXlTA7QK21WRZ8llP1eyju
	DdbO1Rb6y/mXUDKw2dsbGJ0MJKzNy/wyZ2CAPXH8lKfHd016O9nzciWOu7JHbiTm
	8aQLkm5m1ahhD+PHpdxKsJEDJfY4Toci/DBDoeRVSPNiYZtziGwnok=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; s=default;
	 bh=OI+v6Epr2n/Du79lmA1YkrqNsjY=; b=aCrY4dauHkHBrNqScQh/DwDUtDcV
	UskGxqpUnhqhatYLfZqOiRCHjB8mAtEo/HpwHD0vgyqJQJ4kc8sDkY7rMkk/M4IP
	YJPpvC+BCC8aCzpgfwi57Y58UHpw3UNTGu4sQ18heY0dGm48yz+uTsXOrHe+R4BM
	mwZ04C17Sd3FdCI=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-102.6 required=5.0 tests=AWL,BAYES_00,GOOD_FROM_CORINNA_CYGWIN,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 spammy=password, she, H*F:D*cygwin.com
X-HELO: mout.kundenserver.de
Date: Wed, 13 Mar 2019 16:29:01 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: sshd privsep user still required?
Message-ID: <20190313152901.GA18873@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <CANV9t=S6LFnDSKiJsL3GpjLNC+srJCAgkScZTiG0yAbxq3b40A AT mail DOT gmail DOT com> <CANV9t=SWJ_65Y7jgqgDzNkaUPh1YCHfibp6vb+tmvg-wKtPLyQ AT mail DOT gmail DOT com> <20190313085650 DOT GS3785 AT calimero DOT vinschen DOT de> <CANV9t=Q=HDAoVxjvSp9EqX0GttwxZLW6=OxO6o4eLzs8mejFRQ AT mail DOT gmail DOT com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;	protocol="application/pgp-signature"; boundary="AhhlLboLdkugWU4S"
Content-Disposition: inline
In-Reply-To: <CANV9t=Q=HDAoVxjvSp9EqX0GttwxZLW6=OxO6o4eLzs8mejFRQ@mail.gmail.com>
User-Agent: Mutt/1.11.3 (2019-02-01)

--AhhlLboLdkugWU4S
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mar 13 09:11, Bill Stewart wrote:
> On Wed, Mar 13, 2019 at 2:57 AM Corinna Vinschen wrote:
>=20
> > > a) Why is it necessary to specify SYSTEM as user number 0 in the
> > > /etc/password file?
> > >
> > > b) Why is the sshd account required?
> >
> > sshd checks for uid 0 and requires the sshd account when chroot is
> > requested.
> >
> > > c) Why are /cygdrive and /dev directories visible when connecting usi=
ng
> a
> > > sftp client?
> >
> > The Cygwin chroot implementation is pure fake.  It's not backed by the
> > OS and it's failry easy to break out of the jail.  As such, the chroot
> > implementation is deprecated and only kept for backward compatibility.
> > I suggest not to use it.  It gives a wrong sense of security.
>=20
> Right: I totally understand that Cygwin's chroot implementation does not
> add any security (because chroot doesn't exist natively on Windows).
>=20
> However: It's still the case that the user cannot bypass OS security even
> if he or she "escapes" from the jail, right?
>=20
> My goal is to restrict sftp browsing on the client side.
>=20
> Using ChrootDirectory with "ForceCommand internal-sftp" in sshd_config
> seems to accomplish this.
>=20
> Is this not correct?

It seems like it, but I wouldn't bet on it.  The fact that /cygdrive and
/dev directories are still visible inside the chroot jail speaks against
that.


Corinna

--=20
Corinna Vinschen
Cygwin Maintainer

--AhhlLboLdkugWU4S
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEoVYPmneWZnwT6kwF9TYGna5ET6AFAlyJIb0ACgkQ9TYGna5E
T6D4Vw/9E/GrjoHs4Wx5oeJpN8NHr207pxwJGX/u43EfWYqEaX4NKQ8SCLY0fabE
/UhobaPk97OLfXUCgUFafGLGJn/2Eyj4x788ZIN4D8KA+7zNTS0Lx1U029XtQRZ/
CVYiAFwwBtqVlUndJZwJbe8PaXyzbTxrQ3ty4AWKMDy0D0eO2pDMo7XA3rRwfOvs
uzuHg+UKIn51JhrF+/WWEbs3KvHwaq3Z4OK9a4hBDR53MQhWfA08rUHkp8zNJl0Q
13c7D0kfFhAwf3D1BiQJl1vhjxMNJ7J8164WaPuhn68aZffPg3BYV9IhRX/veCIh
OfouOy700nTWlpDdsd/ru0ZAHSYjqzxveNjewxldXBaA9Ua00K22g9X9LjmzoWyQ
y5I+smor4YFgskMbez8kAsSVVjA8Yp+ExyYLPPW1NajRmwCp4G7XzywIgNfC0gKj
0gDoCodQXtXkbk5sihv5DKS7o7s+jaGkq4FyJcaKUROxiUTQe4DUlWPO9IU2wXZv
LBEPUGxIoP+wzRabZMiPug6HspUdEnPeNWkYmHgwMedAOiR1TF4JEFSoESAeMvT8
wGumxaeZyiZ+O34KEy50vnk6AnuMpo/wGjPLnx4bP5ONNf/Ft9/np2uEjxGyLleP
EkteJ0Mu9AqXBe3rNA4JhFMUCzrHHSKBdf+z5y5hwcyFei+tMuY=
=7xO/
-----END PGP SIGNATURE-----

--AhhlLboLdkugWU4S--