Hello Julia,

* On Wed, Dec 03, 2008 at 11:38:20AM +0000 Julio Emanuel wrote:
> On Wed, Dec 3, 2008 at 11:01 AM, Brian Dessent <[EMAIL PROTECTED]> wrote:
> > This is not valid reasoning, as Eric Blake already pointed out you can
> > still access files outside of a chroot even if you're still going
> > through the Cygwin DLL by using Win32 style pathnames since Cygwin
> > passes those through untouched.
>
> Aha! So this is the tiny bit that was missing!

It was already mentioned elsethread.

[...]

> I know that it is an ugly solution, but surely it would settle the
> worries for this specific (but more and more frequent) chrooted sftp
> scenario.

But the problem here is: This is just one single problem instance that
would (or might) have been fixed. No-one ever cared to check if there
are other possibilities. In order to be safe, you would have to audit
all relevant parts to find out if there might be other attack vectors.

And from the answers, it is clear that no-one of the cygwin developers
will take that route, as it is not the aim of the project.

Like it or not, but that's how it is currently.

Best regards,
Spiro.

-- 
Spiro R. Trikaliotis
http://opencbm.sf.net/
http://www.trikaliotis.net/
http://www.viceteam.org/
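
The pass-through described in this thread, as an added example that is not part of the original message and is not Cygwin code: a toy model of a chroot emulated in a path-translation layer, plus an audit helper that flags client-supplied paths the emulation never re-roots. The jail path, the sample requests, the function names and the list of "Win32 style" shapes are assumptions of the example; the list is not exhaustive and covers only this one class of path.

```python
import re

# Path shapes treated here as "Win32 style" (assumed for the example, not exhaustive).
_WIN32_FORMS = [
    ("unc",          re.compile(r'^[\\/]{2}[^\\/]+[\\/]+[^\\/]+')),
    ("drive-letter", re.compile(r'^[A-Za-z]:')),
    ("backslash",    re.compile(r'\\')),
]

def win32_form(path):
    """Return the name of the first Win32-style shape the path matches, else None."""
    for name, rx in _WIN32_FORMS:
        if rx.search(path):
            return name
    return None

def emulated_chroot_resolve(root, path):
    """Toy model: POSIX paths are re-rooted under root, Win32-style paths pass through untouched."""
    if win32_form(path):
        return path                      # the emulated root is never applied
    parts = []
    for seg in path.split("/"):
        if seg == "..":
            if parts:
                parts.pop()              # ".." cannot climb above the emulated root
        elif seg not in ("", "."):
            parts.append(seg)
    return root.rstrip("/") + "/" + "/".join(parts)

def audit(root, requests):
    """Return (path, form) for every request that resolves outside root."""
    prefix = root.rstrip("/") + "/"
    return [(p, win32_form(p)) for p in requests
            if not emulated_chroot_resolve(root, p).startswith(prefix)]

# Constructed sample of paths an sftp client might send.
JAIL = "/home/sftp/jail"
SAMPLE = [
    "/upload/report.txt",
    "../../etc/passwd",
    "C:\\Windows\\win.ini",
    "c:/Windows/win.ini",
    "//fileserver/share/x",
]

if __name__ == "__main__":
    for path, form in audit(JAIL, SAMPLE):
        print(f"outside jail: {path!r} ({form})")
```

The POSIX `..` request stays inside the jail while every Win32-style request leaves it, which is the gap the quoted text describes; the check says nothing about other ways out.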