This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: Finally managed to create a jailed SFTP server, but how secure?


> 
> Security from the standpoint of access to the remote file system and
> processes comes from the security measures put in place under Windows
> on the remote system.  SFTP under Cygwin will not provide this.  It
> only provides encrypted transport.
> 

According to my observation, regardless of his authentication (public key or password), he can only see a limited number of directories within the jail environment. The only directory which is virtually added by Cygwin during his login, and therefore beyond my control, is /cygdrive. Luckily enough for me, it is empty, so in my opinion the user can't traverse my hard disk.

I did some simple tests to break out of my jail. From my SFTP session, I tried to do the following:

  sftp> cd /cygdrive
  sftp> cd c
  Couldn't canonicalise: No such file or directory
  sftp> mkdir c
  Couldn't create directory: No such file or directory

which is good.

But maybe my simple tests are not enough. Maybe there are some special file names which are not mapped to any directory or file but are interpreted internally by Cygwin to designate some directories outside the jail.

Thanks again.



      
