| www.delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| X-Spam-Check-By: | sourceware.org |
| X-Authority-Analysis: | v=1.0 c=1 a=7iF1-hIJEFwA:10 a=HYlzlHgEWK4A:10 a=xe8BsctaAAAA:8 a=rs1tStcgnYWc2PAh33EA:9 a=V5qrR2g8TeOZWO6CHUUA:7 a=AbqJub7URicJISEFCHLoa6bxFEYA:4 a=eDFNAWYWrCwA:10 a=rPt6xJ-oxjAA:10 |
| Message-ID: | <49222995.5030609@byu.net> |
| Date: | Mon, 17 Nov 2008 19:33:57 -0700 |
| From: | Eric Blake <ebb9 AT byu DOT net> |
| User-Agent: | Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.17) Gecko/20080914 Thunderbird/2.0.0.17 Mnenhy/0.7.5.666 |
| MIME-Version: | 1.0 |
| To: | cygwin AT cygwin DOT com, idgajelas AT yahoo DOT com |
| Subject: | Re: SFTP doesn't work with ChrootDirectory option set |
| References: | <97725 DOT 5279 DOT qm AT web34701 DOT mail DOT mud DOT yahoo DOT com> |
| In-Reply-To: | <97725.5279.qm@web34701.mail.mud.yahoo.com> |
| X-IsSubscribed: | yes |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 According to TheO on 11/17/2008 2:24 PM: > Hi, > > I have Cygwin with OpenSSH version 5.1p1-9 installed. > > I managed to make ssh with chroot to work by using ChrootDirectory in sshd_config and copying /bin/bash to the chroot directory. chroot on cygwin is NOT a security measure; it is just an emulation to ease porting. The API exists, and allows cygwin apps to recognize a different root. But the fact remains that you can spawn a non-cygwin program, which doesn't honor the chroot, and all files outside of the chroot area are once again accessible. Therefore, if chroot doesn't add security, then why should ssh, which is all about security, even try to honor ChrootDirectory? - -- Don't work too hard, make some time for fun as well! Eric Blake ebb9 AT byu DOT net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Cygwin) Comment: Public key at home.comcast.net/~ericblake/eblake.gpg Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkkiKZUACgkQ84KuGfSFAYDMIQCbBEepLUjJ240okbIMiNLMMkAy pTUAnRb+554LLKQMKNeZNB+2u7YjIXIG =50X0 -----END PGP SIGNATURE----- -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |