-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, Dec 03, 2008 at 11:38:20AM +0000, Julio Emanuel wrote: > On Wed, Dec 3, 2008 at 11:01 AM, Brian Dessent <[EMAIL PROTECTED]> wrote: > > Julio Emanuel wrote: > > > >> 4) Only commands compiled for Cygwin, AND accessing the file system > >> exclusively through the Cygwin POSIX interfaces can (and will) obey > >> the chroot settings; > > > > This is not valid reasoning, as Eric Blake already pointed out you can > > still access files outside of a chroot even if you're still going > > through the Cygwin DLL by using Win32 style pathnames since Cygwin > > passes those through untouched.
"Chroot jail" is a misnomer here, on the verge of being dangerous. It's not a jail but just a line drawn with chalk on the floor. I would like to add on top of that that chroot isn't considerered as a security feature on other OSes either. FreeBSD has "jails" which do much more than chroot: you have to virtualize more than just the file system to come near of being secure (in UNIXoids think creating a device file whithin your jail which maps to the whole disk or memory to know what I mean :-). Cf. for example <http://en.wikipedia.org/wiki/FreeBSD_jail>. But then, for casual use, chroot might be fine. Never expose that to the Big and Stinking Net though. Regards - -- tomás -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFJN5I4Bcgs9XrR2kYRAgk6AJ0bw1zHbpIkeGJrbu8T1xpckR31UACcD+4c t64oEkdEG9vfFV/2APYZ9w8= =LAc8 -----END PGP SIGNATURE----- -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
