Finally managed to create a jailed SFTP server, but how secure?

Eric Blake
Wed Dec 3 15:31:00 GMT 2008

> > And what about Brian's other point - if sshd has a security bug like a
> > buffer overrun (shudder, but possible - look at how often openssh has been
> > updated over the years to fix security holes as soon as someone identifies
> > one)
> Such a hole would affect all OpenSSH implementations. Even the Linux version.
> Am I correct?

On one level, yes - if the bug is in the sshd code, then there is
a good chance all OpenSSH ports would have the same buffer
overflow bug (unless the bug is in a platform-dependent #ifdef
section).  But on another level, _no_, and that is what we are
trying to tell you.  On Linux, if someone can exploit a buffer
overflow, ALL they can corrupt is the chroot jail - the rest of
your system is _untouched_.  On Cygwin, if someone can
exploit a buffer overflow, the ENTIRE OS is up for grabs, and
they can alter any file they want, because the OS is not
enforcing a chroot jail.

One other point: on Cygwin, you have the potential for a
buffer overflow in cygwin1.dll (we hope not, but it is
possible), which could mean that the cygwin sshd is
vulnerable based on the .dll it links against while the same
version of sshd on Linux is secure.  I suppose the converse
is true - a buffer overflow in glibc could make the Linux
sshd vulnerable while the Cygwin version is fine; but
remember that more people tend to audit glibc code than
cygwin code.

Eric Blake
