X-Recipient: archive-cygwin AT delorie DOT com X-Spam-Check-By: sourceware.org X-Authority-Analysis: v=1.0 c=1 a=qdHvlqEE0G4A:10 a=iIAewln5wGcA:10 a=xe8BsctaAAAA:8 a=a7ne2gGZyDg3_CdMJJ4A:9 a=qTwloOC8BH8ArMtrwqwA:7 a=SsGbIMWFpInV74hEe6tzVFmibLcA:4 a=eDFNAWYWrCwA:10 a=rPt6xJ-oxjAA:10 Message-ID: <49368591.8080500@byu.net> Date: Wed, 03 Dec 2008 06:11:45 -0700 From: Eric Blake User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.18) Gecko/20081105 Thunderbird/2.0.0.18 Mnenhy/0.7.5.666 MIME-Version: 1.0 To: cygwin AT cygwin DOT com Subject: Re: Finally managed to create a jailed SFTP server, but how secure? References: <664060 DOT 6380 DOT qm AT web34704 DOT mail DOT mud DOT yahoo DOT com> <933558 DOT 98400 DOT qm AT web34705 DOT mail DOT mud DOT yahoo DOT com> <4934527E DOT 2070200 AT cygwin DOT com> <961872 DOT 64997 DOT qm AT web34701 DOT mail DOT mud DOT yahoo DOT com> <493568B8 DOT 3010308 AT cygwin DOT com> <49376 DOT 99112 DOT qm AT web34702 DOT mail DOT mud DOT yahoo DOT com> <20081202231141 DOT GA5449 AT ednor DOT casa DOT cgf DOT cx> <451120 DOT 45664 DOT qm AT web34703 DOT mail DOT mud DOT yahoo DOT com> <4935DD4B DOT 7050907 AT cygwin DOT com> <690548 DOT 2534 DOT qm AT web34702 DOT mail DOT mud DOT yahoo DOT com> <49366705 DOT 5D2D6371 AT dessent DOT net> <940072 DOT 24685 DOT qm AT web34702 DOT mail DOT mud DOT yahoo DOT com> In-Reply-To: <940072.24685.qm@web34702.mail.mud.yahoo.com> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-IsSubscribed: yes Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 According to TheO on 12/3/2008 5:57 AM: > And if I understand correctly, one of the possible way for user to bypass check > by Cygwin is to use Win32 reserved file names. > > identifying what filenames are reserved by Win32, this is what I've got (please > complete it if I am missing something): > > Dos devices: CON, COMn, LPTn, AUX, PRN, NUL (n=0, 1, ...) > Named Pipes: \\.\Pipe\foo > Physical Driver: \\.\PhysicalDriveN (N=0, 1, ...) You still haven't tested a biggie (that we've already told you about): DOS file names: c:\path\to\file If someone can convince a remote sftp client to ask your SFTP server to transfer a DOS file name, then the remote machine has effectively looked outside of your jail, because cygwin cannot place DOS filenames inside the chroot. And we are unlikely to slow down cygwin just to plug this hole in the chroot facade, because we aren't interested in auditing what other holes may exist. I don't see why you persist in asking when we've already told you the answer, five times over. chroot does _not_ add security in a cygwin environment, nor will we ever be able to make it add security. It merely adds a facade that makes it easier to port Linux apps that use chroot; and it is up to you, not us, to verify whether that facade is sufficient for your needs, because we don't plan on spending the time to audit it. - -- Don't work too hard, make some time for fun as well! Eric Blake ebb9 AT byu DOT net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Cygwin) Comment: Public key at home.comcast.net/~ericblake/eblake.gpg Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkk2hZEACgkQ84KuGfSFAYAuwQCcDoGIv1AEN2Le5gRGF4+VYb72 TaQAn1o4eSoPoaoAjRDGak8cPlSmhNg8 =xPny -----END PGP SIGNATURE----- -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/