Finally managed to create a jailed SFTP server, but how secure?

Wed Dec 3 00:00:00 GMT 2008



Many thanks for all your responses so far and I apologize if I
seem to be very persistent with my questions in this thread. 

Maybe it's my fault to pose a such general question. Maybe I should 
be more specific in my questions, asking many smaller targeted 
questions instead of one big one. 

For example;

- Why does internal-sftp subsystem creates /cygdrive inside the
  jailed directory?
- Who creates it? sshd or internal-sftp?
- Why /cygdrive is needed in the jailed environment?
- What harm can one do via /cygdrive eventhough it looks empty?
- Is it possible to hide it in the jailed environment? How?

- internal-sftp seems to have visibility outside the jail directory
  as it can list the owner and group name of the objects inside the
  jail directory although I haven't copied /etc/passwd and /etc/group
  to the jailed directory.
  How can this be possible?

- If I log on using public key authentication, sshd with its internal-
  sftp embedded in it runs using sshd account (correct me if I'm
  wrong here). But how can it read/write to a directory which does not
  belong to that account and from which I revoked group and other r/w

- etc etc

Maybe if I know the answer to some of these puzzles, I would be able
to figure out better what kind of security I can expect from SFTP on

Do you think I'd better start 2-3 new threads with specific questions in
each? Or shall I just carry on with this thread.

Your suggestions are always more than welcome in this quest.


Unsubscribe info:
Problem reports:

More information about the Cygwin mailing list