This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Finally managed to create a jailed SFTP server, but how secure?


On Dec  5 10:43, Julio Emanuel wrote:
> If it is so, Corinna, maybe the implementation is in a bit better
> shape than you remember? Can you confirm that this is result from
> chroot implementation in cygwin dll? (just morbid curiosity, at this
> stage :)

THis isn't a question of being good or badly implemented, it's the
simple fact that it doesn't (and can't) provide what people think it
does.  Chroot is a bad fake on Cygwin.  Even a super cool implementation
doesn't change that.

>  But regarding this SFTP
> implementation, what I (and TheO too, I suppose) want to know is not
> the myriad of ways that security can go wrong; but only if the chroot
> filtering (strictly inside of SFTP implementation) is honored.

Given that chroot is implemented within Cygwin, SFTP has nothing to do
with it.  However, this is EOD for me.  You have been warned.  Feel
free to use it, but I, for one, wouldn't.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]