Date: Wed, 3 Dec 2008 10:45:43 +0000
From: "Julio Emanuel"
To: cygwin AT cygwin DOT com
Subject: Re: Finally managed to create a jailed SFTP server, but how secure?
In-Reply-To: <690548.2534.qm@web34702.mail.mud.yahoo.com>

Hi, all Cygwinners!

I've been following this thread with most interest, because I've been thinking of setting up some kind of chroot'ed SFTP environment myself.

The tone of the answers is, however, consistent with what I've already seen in similar threads in the last months. Yet, I still consider that this kind of answer is lacking the informative part as in "It's not secure BECAUSE...".

From the answers in this and many other threads, and a little "gray-matter shaking"(tm) I think I can try to put in words all the implications around this kind of setup.
Please feel free to correct me, as this is also a "confirmation-probe" from myself to the list-gurus:

1) Chroot-like features are not supported natively in Windows. Not even close. Period;
2) Chroot, although configurable in the sshd-config, is not implemented in sshd (or sftp) but in the Cygwin DLL itself. You can, for example, do a chroot "on demand" with the chroot(1) command in a bash prompt - see man chroot.
3) From 1) and 2) you can easily guess that any native Windows command couldn't care less about any chroot configuration or command because it just does not exist in their environment!
4) Only commands compiled for Cygwin, AND accessing the file system exclusively through the Cygwin POSIX interfaces can (and will) obey the chroot settings;
5) So, the bottom line is, for the particular SFTP scenario: As long as you don't give any executable possibilities to the remote users, you should stay safe.

As far as I can tell, SFTP (and SSHD) fits the scenario in 4).

Now for my own doubt: why is everyone walking (running) away from making a statement such as 5)? Is there an easy (or difficult, whatever) way for anyone to execute commands in an SFTP command line?

Thanks for your wisdom!
___________
Julio Costa

On Wed, Dec 3, 2008 at 7:29 AM, TheO wrote:
>
> Hi again,
>
> I am afraid I have to ask for clarification again :(, I hope this is the last
> time before I am on my own with this:
>
> > No, you cannot hide it. It is created by Cygwin itself as a convenience
> > to access the virtual 'cygdrive' directory. This is one of a number of
> > virtual directories ('/proc' and '/dev' come to mind) that Cygwin supports.
> > See the description of "Special filenames" in the User's Guide for more
> > details.
>
> I understand why all these virtual directories are necessary at the absolute
> '/' root level. But here I refer to /cygdrive which is created inside the jail
> directory, which means in absolute path, /jail/cygdrive (/jail being the root
> of my jail). Inside the jail, only /cygdrive is created, no other virtual
> directories (/proc or /dev/xxx) or files are created.
>
> > In 1.7, there is a
> > new authentication module that will solve these and other pubkey
> > authentication problems. But 1.7 is not currently released and its
> > release date is not decided.
>
> Thanks for this input. I suppose that to be on the safe side, I must restrict
> it to password based authentication only if I use the current Cygwin.
>
> And finally one more question. I am only aware of two subsystems supported
> by sshd more or less implicitly; sftp and shell (interactive logon). Are there
> any other subsystems which are handled by sshd implicitly (without me having
> to add anything to /etc/sshd_config)?
>
> Thanks again.

--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
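
Point 5 of the message above depends on remote users reaching nothing but the SFTP subsystem. The following is an added example, not part of the original thread or of Cygwin: a small check of an sshd_config for settings that leave a shell, exec or forwarding path open. It assumes an OpenSSH build that supports `ForceCommand`, `ChrootDirectory` and `internal-sftp`, reads only the global section (no `Match` blocks), and does not address the Cygwin DLL chroot limits in points 1 to 4.

```python
# Added example (not from the thread): audit the global part of an sshd_config
# for settings that leave remote users a path other than chrooted SFTP.

# keyword -> (value wanted for an SFTP-only server, sshd default when absent)
EXPECTED = {
    "forcecommand": ("internal-sftp", "none"),
    "allowtcpforwarding": ("no", "yes"),
    "x11forwarding": ("no", "no"),
    "permittunnel": ("no", "no"),
}

# Constructed sample configs; /jail is the jail root named in the thread.
WEAK = """Port 22
Subsystem sftp /usr/sbin/sftp-server
X11Forwarding yes
"""
HARDENED = """Subsystem sftp internal-sftp
ForceCommand internal-sftp   # no shell, no exec requests
ChrootDirectory /jail
AllowTcpForwarding no
X11Forwarding no
"""

def parse_global(text):
    """Map keyword -> value for lines before the first Match block.
    sshd keeps the first value it reads for a keyword, so repeats are ignored."""
    seen = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if not parts:
            continue
        if parts[0].lower() == "match":
            break
        seen.setdefault(parts[0].lower(), parts[1].strip() if len(parts) > 1 else "")
    return seen

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    cfg = parse_global(text)
    findings = []
    for key, (want, default) in EXPECTED.items():
        have = cfg.get(key, default)
        if (have.split() or [""])[0].lower() != want:
            findings.append(f"{key}: effective value {have!r}, wanted {want!r}")
    if cfg.get("chrootdirectory", "none").lower() == "none":
        findings.append("chrootdirectory: not set, sessions are not jailed")
    return findings

if __name__ == "__main__":
    for name, sample in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(sample) or "ok")
```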