X-Recipient: archive-cygwin AT delorie DOT com X-Original-To: cygwin AT cygwin DOT com Delivered-To: cygwin AT cygwin DOT com DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org C53A6388E83E Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=iname.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=bstewart AT iname DOT com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mail.com; s=dbd5af2cbaf7; t=1609858966; bh=3/KKKpNrxKNspR98n6tEskK9LDYZg6zI0O/fjby/IVY=; h=X-UI-Sender-Class:References:In-Reply-To:From:Date:Subject:To; b=iFw6ZN+c9WM+POsQ6pV4ELywXUAMT1ffQL5SCMmv91SE4nGSxsaBKb3YOwOeqP06o 5Tag1+9Lz6wf4Be3VxryUq55PcMZqIkEZBNtP6eD6vN0TQgxWzq30ROpmY4BLZX712 w/LU7KEvM+7g07jbgKXr5rRVQOhQm6A4fT2EHdpo= X-UI-Sender-Class: 214d933f-fd2f-45c7-a636-f5d79ae31a79 X-Gm-Message-State: AOAM53381P49hG0QtZK0FgLTq/MJRNIo5TYSYfvUCWpPFvus7q/hkvRJ /TkcC4v1mAy6tf3lzkA3yi+xhVAzYPNdFpURVfE= X-Google-Smtp-Source: ABdhPJxqmBJ3Z3U2zMLu2WPoW8vks8+DWNDneklv3sA/M8jvgqp4PVyrQujTpMSki5bSvw2Sw8Zo/AR0/pp8onkZWtY= X-Received: by 2002:a2e:9605:: with SMTP id v5mr9188ljh.81.1609858963833; Tue, 05 Jan 2021 07:02:43 -0800 (PST) MIME-Version: 1.0 References: <48b833bd-547a-92eb-542e-b7da8e0d601b AT interocitors DOT com> <9d339f8b-83ff-8b9c-b2fe-1c6fa4b2a92d AT SystematicSw DOT ab DOT ca> <472d5b4e-1916-eb79-cf3d-44f43b5f8b5d AT cs DOT umass DOT edu> In-Reply-To: <472d5b4e-1916-eb79-cf3d-44f43b5f8b5d@cs.umass.edu> From: Bill Stewart Date: Tue, 5 Jan 2021 08:02:16 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: Is it possible to define the root directory in a cross compiled program To: cygwin AT cygwin DOT com X-Provags-ID: V03:K1:CIj39q97pKghkAbfeoGvwOr8Z9rL3PDQR6X/D+eTdD5aBvI1ezE SLyOqZmzxEcuIdbis+5Y5MU/YwFCdYBtIXOD1n4AZ3fuW749NN7Rc0Sdfbu3WhNvbUDnpQK 3xwhZ20HJvrcuCAw5qSMACMwN3mIx9JRWf9JJWpt+SvjmQsSOxPMOoiuqSZtdtzAgcS2GKt s7KOUaHIt9WSvYGzdCXVg== X-UI-Out-Filterresults: notjunk:1;V03:K0:1ALklyz6+N8=:gEQ3eiqG08vlmHej+M6nsG tf48kNl2DqBUe3MsdOMg06FX9g41RFoOkqbrMZID2RJ5ipI3lCDfj/Un3XeH2e1Bmnt1cTtBW N7AlUc/46ClrhKjoKqS2fRLfhx+y+cFaN3FU+akW9ZWZsOaQej4hZDXtxAhno6f0duzHBbtQE ZXO69daNPfJHQ3o3w2VOAW/wGw119vTQ6QmZhOH9+meuDtwnYikIXaX0R8XEJSosh6wgf3JIQ ZUtMOSu6AWLzfufXWIZcohZEF0HkeVZGjU0+WAD2FP6/ct11DYgFi2bv5s8FeHTWwzH1hmVwJ 84+IFuwlvRY9r9kIzWCc3D8B1d55dk8MXWINaaMVdsrFG06ZQ1bxnkGxhnBeNY62E2qqIXVeT FgIwVquXSn1NdQMwTD+WGQ4ZVr1/006iEGUTrXspwAu6sp/tm/rVJWmsNTnvfYjvvs9rj2VmI vPx21cDet5LSESfHK/+PyObHc6seuCgQpg1Q6/UWIBHqfV8nLi/C6ooGNDF8Yr7/eWVXDvc6w msOTnuY+pZdDiAOpWDSX/ps5SkdslZMagTexnjuspuVsvi7l81ND5qeloASll2JW4/5JgNMqz CwbgTaPp4WKyJafEXESIkncuS0EMYaXeGxcLHI6900jb6wFSN3e1SyY1RX6jIKEGeuSMy2HIe FrfrQiSnMG3ve40h8QbBypLV5vtRE8Ebv2e1T2UPUvaIfjMa7whHm/ljRfuo3i9UxjOE/qCrz UT3SvOYq8bWCFusoxTQsOF23T2QfFMy7EooMnM5/eM9pYab0CvYNFPuHTexLN7/lCknR2VP7Z sCabRbzoDzEcixFRbKEMkEnBoCvTggkDjq5WxamvXsWyD1yKAsxtJLXgCjWMWM9xdyWfKQoZk qsU+0YkFqGv5IzWWNiaA== X-Spam-Status: No, score=-2.4 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: cygwin AT cygwin DOT com X-Mailman-Version: 2.1.29 List-Id: General Cygwin discussions and problem reports List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "Cygwin" On Tue, Jan 5, 2021 at 6:34 AM Eliot Moss wrote: > Is there a Windows equivalent to chroot (either the program or the library/system call)? See: https://cygwin.com/cygwin-ug-net/highlights.html Quoting: "Chroot is supported. Kind of. Chroot is not a concept known by Windows. This implies some serious restrictions. First of all, the chroot call isn't a privileged call. Any user may call it. Second, the chroot environment isn't safe against native windows processes. Given that, chroot in Cygwin is only a hack which pretends security where there is none. For that reason the usage of chroot is discouraged. Don't use it unless you really, really know what you're doing." What I have found is that the cygwin chroot is not a security boundary (it seems it is possible for an account to "escape" from the "chroot jail"). However, whatever account is being used by the cygwin process is still subject to its rights/permissions in Windows (i.e., "escaping" from a "chroot jail" does not give additional rights and/or permissions to an account that it didn't have before). Bill -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple