Finally managed to create a jailed SFTP server, but how secure?

Corinna Vinschen corinna-cygwin@cygwin.com
Fri Dec 5 14:14:00 GMT 2008


On Dec  5 10:43, Julio Emanuel wrote:
> If it is so, Corinna, maybe the implementation is in a bit better
> shape than you remember? Can you confirm that this is result from
> chroot implementation in cygwin dll? (just morbid curiosity, at this
> stage :)

This isn't a question of being good or badly implemented, it's the
simple fact that it doesn't (and can't) provide what people think it
does.  Chroot is a bad fake on Cygwin.  Even a super cool implementation
doesn't change that.

>  But regarding this SFTP
> implementation, what I (and TheO too, I suppose) want to know is not
> the myriad of ways that security can go wrong; but only if the chroot
> filtering (strictly inside of SFTP implementation) is honored.

Given that chroot is implemented within Cygwin, SFTP has nothing to do
with it.  However, this is EOD for me.  You have been warned.  Feel
free to use it, but I, for one, wouldn't.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat
