This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.



FW: disable access to /cygdrive/c ?


Oops! Wrong button! There are soooo many!

 
 günter strubinsky
 <strubinsky at acm dot org>
 Tel: 402.212.0196

> -----Original Message-----
> From: günter strubinsky [mailto:strubinsky at acm dot org]
> Sent: Saturday, March 15, 2003 6:51 PM
> To: 'roland'
> Subject: RE: disable access to /cygdrive/c ?
> 
> To go below root requires 'hacker intention' and since cygwin is a shell
> around your OS including file security, you can't get more security than
> the original file system allows.
> 
> Why would you want a fat32 filesystem in the first place? Your security is
> already infringed from the windows level; meaning: IF they want to hack
> your machine and couldn't under cygwin, they could under win.
> 
> An option I could think of is to make a virtual drive letter in windows
> pointing to the directory of your choice. Share that 'drive' only. Access
> either via win2k or cygwin is only possible down to the bare drive letter
> (which is actually a directory somewhere on your drive).
> 
> If you assume malicious intent disconnect your computer. You don't want
> anybody in that case to access your /bin directory and replace system
> files.
> 
> I think the solution is not a cygwin issue but a windows issue.
> 
> Concluding: If you set a directory to a virtual drive letter and share
> this 'drive' it doesn't matter what OS wants to access the directory tree.
> They can't get below the drive letter even though the drive letter points
> to a directory of the nth level. Another approach is the DFS (Distributed
> File System) in which you can even combine directories from different
> machines on different drives into one virtual directory tree; it's
> failsafe (AD syncs your servers) and incompatible with other OSes, which
> enhances security ;) . That means c:\cygwin could be changed to x:\ (the
> virtual drive pointing to c:\cygwin. There is no 'cd ..' below x:\ !)
> 
> According to what you wrote however, that
> someone should be able to 'do whatever he wants inside c:\cygwin' you
> should probably first make up your mind whether you trust this person or
> not. If you do, it's no issue, if you don't, there's always a way.
> Especially in fat32. I know of 'things' you can do also in ntfs that would
> get you to run for an axe to lobotomize your network card off the box.
> 
>  günter strubinsky
>  <strubinsky at acm dot org>
>  Tel: 402.212.0196
> 
> > -----Original Message-----
> > From: cygwin-owner at cygwin dot com [mailto:cygwin-owner at cygwin dot com] On Behalf
> > Of roland
> > Sent: Saturday, March 15, 2003 12:51 PM
> > To: cygwin at cygwin dot com
> > Subject: disable access to /cygdrive/c ?
> >
> > Hello,
> >
> > Is there a way to completely disable access to paths below /cygdrive ?
> > i.e. to make /cygdrive/* invisible/inaccessible ?
> >
> > I have set up sshd on my machine and now some developer can ssh into my
> > machine and help me with developing stuff under cygwin.
> > He can do what he wants inside c:\cygwin - but he shouldn't be able to
> > access other paths. Is it possible that I can hide that from him?
> > Sure, I could set appropriate ntfs acls - but what if I have a fat32
> > based filesystem?
> >
> > regards
> > Roland
> >
> > PS:
> > Sure - this may not be bulletproof since he can execute code on my
> > computer - but at least it is not too simple and needs "hacker intention".
> >
> >
> > --
> > Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> > Bug reporting:         http://cygwin.com/bugs.html
> > Documentation:         http://cygwin.com/docs.html
> > FAQ:                   http://cygwin.com/faq/

