Finally managed to create a jailed SFTP server, but how secure?
Wed Dec 3 12:28:00 GMT 2008
* On Wed, Dec 03, 2008 at 11:38:20AM +0000 Julio Emanuel wrote:
> On Wed, Dec 3, 2008 at 11:01 AM, Brian Dessent <firstname.lastname@example.org> wrote:
> > This is not valid reasoning, as Eric Blake already pointed out you can
> > still access files outside of a chroot even if you're still going
> > through the Cygwin DLL by using Win32 style pathnames since Cygwin
> > passes those through untouched.
> Aha! So this is the tiny bit that was missing!
It was already mentioned elsethread.
> I known that it is an ugly solution, but surely it would settle the
> worries for this specific (but more and more frequent) chrooted sftp
But the problem here is: This is just one single problem instance that
would (or might) have been fixed. No-one ever cared to check if there
are other possibilities. In order to be safe, you would have to audit
all relevant parts to find out if there might be other attack vectors.
And from the answers, it is clear that no-one of the cygwin developers
will take that route, as it is not the aim of the project. Like it or
not, but that's how it is currently.
Spiro R. Trikaliotis http://opencbm.sf.net/
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
More information about the Cygwin