From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mout.gmx.com (mout.gmx.com [74.208.4.200]) by sourceware.org (Postfix) with ESMTPS id C53A6388E83E for ; Tue, 5 Jan 2021 15:02:46 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org C53A6388E83E Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=iname.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=bstewart@iname.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mail.com; s=dbd5af2cbaf7; t=1609858966; bh=3/KKKpNrxKNspR98n6tEskK9LDYZg6zI0O/fjby/IVY=; h=X-UI-Sender-Class:References:In-Reply-To:From:Date:Subject:To; b=iFw6ZN+c9WM+POsQ6pV4ELywXUAMT1ffQL5SCMmv91SE4nGSxsaBKb3YOwOeqP06o 5Tag1+9Lz6wf4Be3VxryUq55PcMZqIkEZBNtP6eD6vN0TQgxWzq30ROpmY4BLZX712 w/LU7KEvM+7g07jbgKXr5rRVQOhQm6A4fT2EHdpo= X-UI-Sender-Class: 214d933f-fd2f-45c7-a636-f5d79ae31a79 Received: from mail-lf1-f54.google.com ([209.85.167.54]) by mail.gmx.com (mrgmxus004 [74.208.5.15]) with ESMTPSA (Nemesis) id 0MMl4b-1kuILi3Qz9-008e8u for ; Tue, 05 Jan 2021 16:02:46 +0100 Received: by mail-lf1-f54.google.com with SMTP id h205so73244684lfd.5 for ; Tue, 05 Jan 2021 07:02:45 -0800 (PST) X-Gm-Message-State: AOAM53381P49hG0QtZK0FgLTq/MJRNIo5TYSYfvUCWpPFvus7q/hkvRJ /TkcC4v1mAy6tf3lzkA3yi+xhVAzYPNdFpURVfE= X-Google-Smtp-Source: ABdhPJxqmBJ3Z3U2zMLu2WPoW8vks8+DWNDneklv3sA/M8jvgqp4PVyrQujTpMSki5bSvw2Sw8Zo/AR0/pp8onkZWtY= X-Received: by 2002:a2e:9605:: with SMTP id v5mr9188ljh.81.1609858963833; Tue, 05 Jan 2021 07:02:43 -0800 (PST) MIME-Version: 1.0 References: <48b833bd-547a-92eb-542e-b7da8e0d601b@interocitors.com> <9d339f8b-83ff-8b9c-b2fe-1c6fa4b2a92d@SystematicSw.ab.ca> <472d5b4e-1916-eb79-cf3d-44f43b5f8b5d@cs.umass.edu> In-Reply-To: <472d5b4e-1916-eb79-cf3d-44f43b5f8b5d@cs.umass.edu> From: Bill Stewart Date: Tue, 5 Jan 2021 08:02:16 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: Is it possible to define the root directory in a cross compiled program To: cygwin@cygwin.com Content-Type: text/plain; charset="UTF-8" X-Provags-ID: V03:K1:CIj39q97pKghkAbfeoGvwOr8Z9rL3PDQR6X/D+eTdD5aBvI1ezE SLyOqZmzxEcuIdbis+5Y5MU/YwFCdYBtIXOD1n4AZ3fuW749NN7Rc0Sdfbu3WhNvbUDnpQK 3xwhZ20HJvrcuCAw5qSMACMwN3mIx9JRWf9JJWpt+SvjmQsSOxPMOoiuqSZtdtzAgcS2GKt s7KOUaHIt9WSvYGzdCXVg== X-UI-Out-Filterresults: notjunk:1;V03:K0:1ALklyz6+N8=:gEQ3eiqG08vlmHej+M6nsG tf48kNl2DqBUe3MsdOMg06FX9g41RFoOkqbrMZID2RJ5ipI3lCDfj/Un3XeH2e1Bmnt1cTtBW N7AlUc/46ClrhKjoKqS2fRLfhx+y+cFaN3FU+akW9ZWZsOaQej4hZDXtxAhno6f0duzHBbtQE ZXO69daNPfJHQ3o3w2VOAW/wGw119vTQ6QmZhOH9+meuDtwnYikIXaX0R8XEJSosh6wgf3JIQ ZUtMOSu6AWLzfufXWIZcohZEF0HkeVZGjU0+WAD2FP6/ct11DYgFi2bv5s8FeHTWwzH1hmVwJ 84+IFuwlvRY9r9kIzWCc3D8B1d55dk8MXWINaaMVdsrFG06ZQ1bxnkGxhnBeNY62E2qqIXVeT FgIwVquXSn1NdQMwTD+WGQ4ZVr1/006iEGUTrXspwAu6sp/tm/rVJWmsNTnvfYjvvs9rj2VmI vPx21cDet5LSESfHK/+PyObHc6seuCgQpg1Q6/UWIBHqfV8nLi/C6ooGNDF8Yr7/eWVXDvc6w msOTnuY+pZdDiAOpWDSX/ps5SkdslZMagTexnjuspuVsvi7l81ND5qeloASll2JW4/5JgNMqz CwbgTaPp4WKyJafEXESIkncuS0EMYaXeGxcLHI6900jb6wFSN3e1SyY1RX6jIKEGeuSMy2HIe FrfrQiSnMG3ve40h8QbBypLV5vtRE8Ebv2e1T2UPUvaIfjMa7whHm/ljRfuo3i9UxjOE/qCrz UT3SvOYq8bWCFusoxTQsOF23T2QfFMy7EooMnM5/eM9pYab0CvYNFPuHTexLN7/lCknR2VP7Z sCabRbzoDzEcixFRbKEMkEnBoCvTggkDjq5WxamvXsWyD1yKAsxtJLXgCjWMWM9xdyWfKQoZk qsU+0YkFqGv5IzWWNiaA== X-Spam-Status: No, score=-2.4 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: cygwin@cygwin.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: General Cygwin discussions and problem reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Jan 2021 15:02:48 -0000 On Tue, Jan 5, 2021 at 6:34 AM Eliot Moss wrote: > Is there a Windows equivalent to chroot (either the program or the library/system call)? See: https://cygwin.com/cygwin-ug-net/highlights.html Quoting: "Chroot is supported. Kind of. Chroot is not a concept known by Windows. This implies some serious restrictions. First of all, the chroot call isn't a privileged call. Any user may call it. Second, the chroot environment isn't safe against native windows processes. Given that, chroot in Cygwin is only a hack which pretends security where there is none. For that reason the usage of chroot is discouraged. Don't use it unless you really, really know what you're doing." What I have found is that the cygwin chroot is not a security boundary (it seems it is possible for an account to "escape" from the "chroot jail"). However, whatever account is being used by the cygwin process is still subject to its rights/permissions in Windows (i.e., "escaping" from a "chroot jail" does not give additional rights and/or permissions to an account that it didn't have before). Bill