Mail Archives: cygwin/2008/12/03/08:12:54
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
According to TheO on 12/3/2008 5:57 AM:
> And if I understand correctly, one of the possible way for user to bypass check
> by Cygwin is to use Win32 reserved file names.
>
> identifying what filenames are reserved by Win32, this is what I've got (please
> complete it if I am missing something):
>
> Dos devices: CON, COMn, LPTn, AUX, PRN, NUL (n=0, 1, ...)
> Named Pipes: \\.\Pipe\foo
> Physical Driver: \\.\PhysicalDriveN (N=0, 1, ...)
You still haven't tested a biggie (that we've already told you about):
DOS file names: c:\path\to\file
If someone can convince a remote sftp client to ask your SFTP server to
transfer a DOS file name, then the remote machine has effectively looked
outside of your jail, because cygwin cannot place DOS filenames inside the
chroot. And we are unlikely to slow down cygwin just to plug this hole in
the chroot facade, because we aren't interested in auditing what other
holes may exist. I don't see why you persist in asking when we've already
told you the answer, five times over. chroot does _not_ add security in a
cygwin environment, nor will we ever be able to make it add security. It
merely adds a facade that makes it easier to port Linux apps that use
chroot; and it is up to you, not us, to verify whether that facade is
sufficient for your needs, because we don't plan on spending the time to
audit it.
- --
Don't work too hard, make some time for fun as well!
Eric Blake ebb9 AT byu DOT net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)
Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkk2hZEACgkQ84KuGfSFAYAuwQCcDoGIv1AEN2Le5gRGF4+VYb72
TaQAn1o4eSoPoaoAjRDGak8cPlSmhNg8
=xPny
-----END PGP SIGNATURE-----
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
- Raw text -