On Mar 13 09:11, Bill Stewart wrote:
> On Wed, Mar 13, 2019 at 2:57 AM Corinna Vinschen wrote:
> 
> > > a) Why is it necessary to specify SYSTEM as user number 0 in the
> > > /etc/password file?
> > >
> > > b) Why is the sshd account required?
> >
> > sshd checks for uid 0 and requires the sshd account when chroot is
> > requested.
> >
> > > c) Why are /cygdrive and /dev directories visible when connecting using
> a
> > > sftp client?
> >
> > The Cygwin chroot implementation is pure fake.  It's not backed by the
> > OS and it's failry easy to break out of the jail.  As such, the chroot
> > implementation is deprecated and only kept for backward compatibility.
> > I suggest not to use it.  It gives a wrong sense of security.
> 
> Right: I totally understand that Cygwin's chroot implementation does not
> add any security (because chroot doesn't exist natively on Windows).
> 
> However: It's still the case that the user cannot bypass OS security even
> if he or she "escapes" from the jail, right?
> 
> My goal is to restrict sftp browsing on the client side.
> 
> Using ChrootDirectory with "ForceCommand internal-sftp" in sshd_config
> seems to accomplish this.
> 
> Is this not correct?

It seems like it, but I wouldn't bet on it.  The fact that /cygdrive and
/dev directories are still visible inside the chroot jail speaks against
that.


Corinna

-- 
Corinna Vinschen
Cygwin Maintainer