Finally managed to create a jailed SFTP server, but how secure?
Thu Dec 4 08:16:00 GMT 2008
-----BEGIN PGP SIGNED MESSAGE-----
On Wed, Dec 03, 2008 at 11:38:20AM +0000, Julio Emanuel wrote:
> On Wed, Dec 3, 2008 at 11:01 AM, Brian Dessent <firstname.lastname@example.org> wrote:
> > Julio Emanuel wrote:
> >> 4) Only commands compiled for Cygwin, AND accessing the file system
> >> exclusively through the Cygwin POSIX interfaces can (and will) obey
> >> the chroot settings;
> > This is not valid reasoning, as Eric Blake already pointed out you can
> > still access files outside of a chroot even if you're still going
> > through the Cygwin DLL by using Win32 style pathnames since Cygwin
> > passes those through untouched.
"Chroot jail" is a misnomer here, on the verge of being dangerous. It's
not a jail but just a line drawn with chalk on the floor.
I would like to add on top of that that chroot isn't considerered as a
security feature on other OSes either. FreeBSD has "jails" which do much
more than chroot: you have to virtualize more than just the file system
to come near of being secure (in UNIXoids think creating a device file
whithin your jail which maps to the whole disk or memory to know what
I mean :-).
Cf. for example <http://en.wikipedia.org/wiki/FreeBSD_jail>.
But then, for casual use, chroot might be fine. Never expose that to the
Big and Stinking Net though.
- -- tomÃ¡s
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
-----END PGP SIGNATURE-----
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
More information about the Cygwin