X-Recipient: archive-cygwin AT delorie DOT com
X-Spam-Check-By: sourceware.org
References: <493568B8 DOT 3010308 AT cygwin DOT com> <49376 DOT 99112 DOT qm AT web34702 DOT mail DOT mud DOT yahoo DOT com> <20081202231141 DOT GA5449 AT ednor DOT casa DOT cgf DOT cx> <451120 DOT 45664 DOT qm AT web34703 DOT mail DOT mud DOT yahoo DOT com> <4935DD4B DOT 7050907 AT cygwin DOT com> <690548 DOT 2534 DOT qm AT web34702 DOT mail DOT mud DOT yahoo DOT com> <4936FEA1 DOT 705 AT cygwin DOT com> <828494 DOT 98789 DOT qm AT web34707 DOT mail DOT mud DOT yahoo DOT com> <5E25AF06EFB9EA4A87C19BC98F5C87530208D531 AT core-email DOT int DOT ascribe DOT com> <af075b00812050243re11fd22qa2715223ad508b8b AT mail DOT gmail DOT com> <20081205141443 DOT GS12905 AT calimero DOT vinschen DOT de>
Date: Fri, 5 Dec 2008 12:14:44 -0800 (PST)
From: TheO <idgajelas AT yahoo DOT com>
Subject: Re: Finally managed to create a jailed SFTP server, but how secure?
To: cygwin AT cygwin DOT com
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-ID: <696330.68596.qm@web34703.mail.mud.yahoo.com>
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

> 
> THis isn't a question of being good or badly implemented, it's the
> simple fact that it doesn't (and can't) provide what people think it
> does.  Chroot is a bad fake on Cygwin.  Even a super cool implementation
> doesn't change that.
> 

I don't know how chroot is implemented but so far everything looks fine Corinna.
Normal files in C: drive are not visible because they would have to be mapped to
/cygdrive/c/xxx first (and /cygdrive/c doesn't exist).

I think the only possibility too see out of jail is by accessing Windows special
file names like COM1, LPT1 or pipe names. But this is inherent to "Cygwin over Windows"
filesystem not just to chroot.

Fortunately I can live without COM1 or LPT1 (I can remove or disable them).


      

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/