-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 According to TheO on 12/3/2008 5:57 AM: > And if I understand correctly, one of the possible way for user to bypass > check > by Cygwin is to use Win32 reserved file names. > > identifying what filenames are reserved by Win32, this is what I've got > (please > complete it if I am missing something): > > Dos devices: CON, COMn, LPTn, AUX, PRN, NUL (n=0, 1, ...) > Named Pipes: \\.\Pipe\foo > Physical Driver: \\.\PhysicalDriveN (N=0, 1, ...)
You still haven't tested a biggie (that we've already told you about): DOS file names: c:\path\to\file If someone can convince a remote sftp client to ask your SFTP server to transfer a DOS file name, then the remote machine has effectively looked outside of your jail, because cygwin cannot place DOS filenames inside the chroot. And we are unlikely to slow down cygwin just to plug this hole in the chroot facade, because we aren't interested in auditing what other holes may exist. I don't see why you persist in asking when we've already told you the answer, five times over. chroot does _not_ add security in a cygwin environment, nor will we ever be able to make it add security. It merely adds a facade that makes it easier to port Linux apps that use chroot; and it is up to you, not us, to verify whether that facade is sufficient for your needs, because we don't plan on spending the time to audit it. - -- Don't work too hard, make some time for fun as well! Eric Blake [EMAIL PROTECTED] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Cygwin) Comment: Public key at home.comcast.net/~ericblake/eblake.gpg Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkk2hZEACgkQ84KuGfSFAYAuwQCcDoGIv1AEN2Le5gRGF4+VYb72 TaQAn1o4eSoPoaoAjRDGak8cPlSmhNg8 =xPny -----END PGP SIGNATURE----- -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
