From: Bill Stewart
Date: Wed, 13 Mar 2019 15:58:00 -0000
Subject: Re: sshd privsep user still required?
To: cygwin@cygwin.com

On Wed, Mar 13, 2019 at 9:29 AM Corinna Vinschen wrote:

> > However: It's still the case that the user cannot bypass OS security even
> > if he or she "escapes" from the jail, right?
> >
> > My goal is to restrict sftp browsing on the client side.
> >
> > Using ChrootDirectory with "ForceCommand internal-sftp" in sshd_config
> > seems to accomplish this.
> >
> > Is this not correct?
>
> It seems like it, but I wouldn't bet on it. The fact that /cygdrive and
> /dev directories are still visible inside the chroot jail speaks against
> that.

So to summarize: Even though the fake chroot doesn't increase security, it
doesn't reduce it, either. In other words, even if the user "escapes" the
jail, he or she can still only do what the underlying OS permits.

Bill