Finally managed to create a jailed SFTP server, but how secure?

Phil Betts Phil.Betts@ascribe.com
Fri Dec 5 02:25:00 GMT 2008


TheO wrote on Thursday, December 04, 2008 4:48 PM::

>>> I understand why all these virtual directories are necessary at the
>>> absolute '/' root level. But here I refer to /cygdrive which is
>>> created inside the jail directory, which means in absolute path,
>>> /jail/cygdrive (/jail being the root 
>> of my jail). Inside the jail, only /cygdrive is created, no other
>> virtual directories (/proc or /dev/xxx) or files are created.
>> 
>> Created or not, they exist.  Try it.
>> 
> 
> I tried it from jailed SFTP session:
> 
>   sftp> cd /dev
>   Couldn't canonicalise: No such file or directory
>   sftp> cd /proc
>   Couldn't canonicalise: No such file or directory
> 
> They don't exist.

You also need to try symlinks that point outside the "jail". Try 
creating them both from the shell and within SFTP.

You should also check that non-interactive SFTP observes the jail
(that is specifying the file to transfer on the command line).

Frankly, there are loads of things that you would need to test and
you can never be sure you've checked all possible mechanisms.  Given
that the chroot jail is really an open prison under Windows, one has 
to wonder if it's worth the effort, and what you have proved if all
of your tests have passed.

The best you can say is that you are protected against inadvertent 
access and (possibly) someone casually poking around.

Don't forget that even if you decide SFTP is "secure enough", you 
need to consider the system as a whole.  One of the problems with
Windows' security in general is the number of open ports and services 
that are running.  If unauthorized users are able to gain access to 
the system via any other route, then any security SFTP gives you is 
totally illusory.  You would really need an external, aggressive 
firewall to be sure that the only possible external access was via 
SFTP.  You can't rely on just disabling services, because I have 
known them to become enabled again after installing updates (thanks 
MS!)

Phil
-- 
This email has been scanned by Ascribe PLC using Microsoft Antigen for Exchange.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/



More information about the Cygwin mailing list