Finally managed to create a jailed SFTP server, but how secure?

TheO idgajelas@yahoo.com
Wed Dec 3 00:00:00 GMT 2008


> 

>
>

Many thanks for all your responses so far and I apologize if I
seem to be very persistent with my questions in this thread. 

Maybe it's my fault to pose a such general question. Maybe I should 
be more specific in my questions, asking many smaller targeted 
questions instead of one big one. 

For example;

- Why does internal-sftp subsystem creates /cygdrive inside the
  jailed directory?
- Who creates it? sshd or internal-sftp?
- Why /cygdrive is needed in the jailed environment?
- What harm can one do via /cygdrive eventhough it looks empty?
- Is it possible to hide it in the jailed environment? How?

- internal-sftp seems to have visibility outside the jail directory
  as it can list the owner and group name of the objects inside the
  jail directory although I haven't copied /etc/passwd and /etc/group
  to the jailed directory.
  How can this be possible?

- If I log on using public key authentication, sshd with its internal-
  sftp embedded in it runs using sshd account (correct me if I'm
  wrong here). But how can it read/write to a directory which does not
  belong to that account and from which I revoked group and other r/w
  rights? 

- etc etc

Maybe if I know the answer to some of these puzzles, I would be able
to figure out better what kind of security I can expect from SFTP on
Cygwin.

Do you think I'd better start 2-3 new threads with specific questions in
each? Or shall I just carry on with this thread.

Your suggestions are always more than welcome in this quest.


      

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/



More information about the Cygwin mailing list