This is the mail archive of the cygwin mailing list for the Cygwin project.
Re: Finally managed to create a jailed SFTP server, but how secure?
>
> Security from the standpoint of access to the remote file system and
> processes comes from the security measures put in place under Windows
> on the remote system. SFTP under Cygwin will not provide this. It
> only provides encrypted transport.
>
According to my observation, regardless of his authentication (public key or password), he can only see a limited number of directories within the jail environment. The only directory which is virtually added by Cygwin during his login, and therefore beyond my control, is /cygdrive. Luckily enough for me, it is empty, so in my opinion the user can't traverse my hard disk.
I did some simple tests to break out of my jail. From my SFTP session, I tried to do the following:
sftp> cd /cygdrive
sftp> cd c
Couldn't canonicalise: No such file or directory
sftp> mkdir c
Couldn't create directory: No such file or directory
which is good.
But maybe my simple tests are not enough. Maybe there are some special file names which are not mapped to any directory or file but are interpreted internally by Cygwin to designate some directories outside the jail.
Thanks again.