-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 According to TheO on 12/1/2008 12:13 PM: > I did some simple tests to break out my jail. From my SFTP session, I tried > to do the following: > > sftp> cd /cygdrive > sftp> cd c > Couldn't canonicalise: No such file or directory
Did you verify whether DOS paths, such as c:\, were also blocked? > But maybe my simple tests are not enough. Maybe there are some special file > names which are not mapped to any directory or file but are interpreted > internally by Cygwin to designate some directories outside the jail. To repeat what we have already told you multiple times: cygwin does NOT enforce the jail. And without OS support to do so, we are not in a position to state that your jail is secure; so with security in mind, you must consider the SFTP connection, even in its chroot jail, to be only as secure as the restricted rights that you are able to enforce on the Windows user id in use when you make the SFTP connection. - -- Don't work too hard, make some time for fun as well! Eric Blake [EMAIL PROTECTED] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Cygwin) Comment: Public key at home.comcast.net/~ericblake/eblake.gpg Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkk0xTAACgkQ84KuGfSFAYDx0wCeNq+nuk/bG/Od4pjtawvWAD6T prkAoKrWCWia6GxJWAFm8ZF3Y0IUl1uw =orVG -----END PGP SIGNATURE----- -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
