From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 112387 invoked by alias); 13 Mar 2019 15:12:15 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 112366 invoked by uid 89); 13 Mar 2019 15:12:15 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=ham version=3.3.1 spammy=accomplish, H*c:alternative, password, she X-HELO: mout.gmx.com Received: from mout.gmx.com (HELO mout.gmx.com) (74.208.4.200) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Wed, 13 Mar 2019 15:12:13 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mail.com; s=dbd5af2cbaf7; t=1552489931; bh=36uKm20HaIbJNbtf+6Qe1K34CBxtY1qqItA410m4LaA=; h=X-UI-Sender-Class:References:In-Reply-To:From:Date:Subject:To; b=IgIhq0TeL/LG6yEyEjYxyVC4fWUHzSPAX9pwCvWipFdSj2eQ245Qb8jxAYfjZG5Nj WxWwfYJsR9RnFcTLFZa8efSGT7l99ROxJ/iC6vca3NJnf00LnKW56BRhwPYD4n3k7B F7xjl496Ny4bKHf7272WsC8XIt85bzGhCbm3v8Cc= X-UI-Sender-Class: 214d933f-fd2f-45c7-a636-f5d79ae31a79 Received: from mail-lf1-f46.google.com ([209.85.167.46]) by mail.gmx.com (mrgmxus001 [74.208.5.15]) with ESMTPSA (Nemesis) id 0LoE8d-1gWvSc1Rwf-00gGGR for ; Wed, 13 Mar 2019 16:12:11 +0100 Received: by mail-lf1-f46.google.com with SMTP id f16so1736085lfk.12 for ; Wed, 13 Mar 2019 08:12:10 -0700 (PDT) MIME-Version: 1.0 References: <20190313085650.GS3785@calimero.vinschen.de> In-Reply-To: <20190313085650.GS3785@calimero.vinschen.de> From: Bill Stewart Date: Wed, 13 Mar 2019 15:12:00 -0000 Message-ID: Subject: Re: sshd privsep user still required? To: cygwin@cygwin.com Content-Type: text/plain; charset="UTF-8" X-IsSubscribed: yes X-SW-Source: 2019-03/txt/msg00349.txt.bz2 On Wed, Mar 13, 2019 at 2:57 AM Corinna Vinschen wrote: > > a) Why is it necessary to specify SYSTEM as user number 0 in the > > /etc/password file? > > > > b) Why is the sshd account required? > > sshd checks for uid 0 and requires the sshd account when chroot is > requested. > > > c) Why are /cygdrive and /dev directories visible when connecting using a > > sftp client? > > The Cygwin chroot implementation is pure fake. It's not backed by the > OS and it's failry easy to break out of the jail. As such, the chroot > implementation is deprecated and only kept for backward compatibility. > I suggest not to use it. It gives a wrong sense of security. Right: I totally understand that Cygwin's chroot implementation does not add any security (because chroot doesn't exist natively on Windows). However: It's still the case that the user cannot bypass OS security even if he or she "escapes" from the jail, right? My goal is to restrict sftp browsing on the client side. Using ChrootDirectory with "ForceCommand internal-sftp" in sshd_config seems to accomplish this. Is this not correct? Bill -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple