This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: sshd privsep user still required?

On Mar 13 09:11, Bill Stewart wrote:
> On Wed, Mar 13, 2019 at 2:57 AM Corinna Vinschen wrote:
> > > a) Why is it necessary to specify SYSTEM as user number 0 in the
> > > /etc/password file?
> > >
> > > b) Why is the sshd account required?
> >
> > sshd checks for uid 0 and requires the sshd account when chroot is
> > requested.
> >
> > > c) Why are /cygdrive and /dev directories visible when connecting using
> a
> > > sftp client?
> >
> > The Cygwin chroot implementation is pure fake.  It's not backed by the
> > OS and it's failry easy to break out of the jail.  As such, the chroot
> > implementation is deprecated and only kept for backward compatibility.
> > I suggest not to use it.  It gives a wrong sense of security.
> Right: I totally understand that Cygwin's chroot implementation does not
> add any security (because chroot doesn't exist natively on Windows).
> However: It's still the case that the user cannot bypass OS security even
> if he or she "escapes" from the jail, right?
> My goal is to restrict sftp browsing on the client side.
> Using ChrootDirectory with "ForceCommand internal-sftp" in sshd_config
> seems to accomplish this.
> Is this not correct?

It seems like it, but I wouldn't bet on it.  The fact that /cygdrive and
/dev directories are still visible inside the chroot jail speaks against


Corinna Vinschen
Cygwin Maintainer

Attachment: signature.asc
Description: PGP signature

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]