Re: How to properly set up a chrooted environment
On Fri, Apr 02, 2010 at 02:06:11AM +0100, Dave Korn wrote: On 01/04/2010 21:46, d.sastre.medina wrote: There is no manual for chroot on cygwin, because no one here recommends doing it for anything serious. I would never recommend exposing *any* Cygwin server to the internet-at-large at all, ever. All my cygstuff is serverd/used internally only, in a trusted LAN (no security concerns with that), and mainly to ease interaction with AIX/Linux around from my winbox. Anything else is just out of curiosity. Thanks for the answers. Regards. -- Huella de clave = 943C D77F 0CB0 02FE 166E E06F D13A A2E1 98A5 C953 pgpRhhW5ANrfE.pgp Description: PGP signature
Re: How to properly set up a chrooted environment
On 04/01/2010 02:19 PM, d.sastre.med...@gmail.com wrote: Hello, I'm trying to build a chrooted env in a windows 7 box: CYGWIN_NT-6.1 win7 1.7.2(0.225/5/3) 2010-03-24 21:12 i686 Cygwin What do you hope to accomplish with this? You are NOT adding any security to your system by using a cygwin chroot, because you do not have operating system support (that is, an application can escape the jail by using native Windows commands). chroot exists to ease porting some programs (such as coreutils), but is NOT a solution for security that you seem to think it is. -is there a canonical way to do this? (and where is the manual :-)) There is no manual for chroot on cygwin, because no one here recommends doing it for anything serious. -- Eric Blake ebl...@redhat.com+1-801-349-2682 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature
Re: How to properly set up a chrooted environment
On Thu, Apr 01, 2010 at 02:26:46PM -0600, Eric Blake wrote: On 04/01/2010 02:19 PM, David wrote: Hello, I'm trying to build a chrooted env in a windows 7 box: CYGWIN_NT-6.1 win7 1.7.2(0.225/5/3) 2010-03-24 21:12 i686 Cygwin What do you hope to accomplish with this? You are NOT adding any security to your system by using a cygwin chroot, because you do not have operating system support (that is, an application can escape the jail by using native Windows commands). chroot exists to ease porting some programs (such as coreutils), but is NOT a solution for security that you seem to think it is. I was thinking about a ftp server. Users would log in into the jail, say /chroot/home/proftp/... And this is just for testing/learning purposes and fun. -is there a canonical way to do this? (and where is the manual :-)) There is no manual for chroot on cygwin, because no one here recommends doing it for anything serious. OK. Got it. Thank you. -- Huella de clave = 943C D77F 0CB0 02FE 166E E06F D13A A2E1 98A5 C953 pgp4PWBVUp7Eo.pgp Description: PGP signature
Re: How to properly set up a chrooted environment
On Thu, Apr 1, 2010 at 4:46 PM, d.sastre.med...@gmail.com wrote: I was thinking about a ftp server. Users would log in into the jail, say /chroot/home/proftp/... Most ftp servers provide this functionality natively. And this is just for testing/learning purposes and fun. A great way to learn is by doing :) -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: How to properly set up a chrooted environment
On 01/04/2010 21:46, d.sastre.medina wrote: And this is just for testing/learning purposes and fun. That's of course fine; anything you run for yourself in your own private network isn't a problem, but it's worth being explicit about this: There is no manual for chroot on cygwin, because no one here recommends doing it for anything serious. I would never recommend exposing *any* Cygwin server to the internet-at-large at all, ever. Although Cygwin doesn't introduce any vulnerabilities into applications that don't already have them, it does make it significantly more likely that you can escalate your privileges anywhere you can log in even as a restricted user. cheers, DaveK -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: How to properly set up a chrooted environment
On 04/01/2010 01:26 PM, Eric Blake wrote: On 04/01/2010 02:19 PM, d.sastre.med...@gmail.com wrote: Hello, I'm trying to build a chrooted env in a windows 7 box: CYGWIN_NT-6.1 win7 1.7.2(0.225/5/3) 2010-03-24 21:12 i686 Cygw What do you hope to accomplish with this? You are NOT adding any security to your system by using a cygwin chroot, because you do not have operating system support (that is, an application can escape the jail by using native Windows commands). chroot exists to ease porting some programs (such as coreutils), but is NOT a solution for security that you seem to think it is. I'd like to use it to set up the environment for Rational Clearcase's concept of setting a view. It uses a chrooted environment of sorts. Of course lacking OS support it probably wouldn't be 100% but it might smooth the rough edges. -- Andrew DeFaria http://defaria.com Humor is a rubber sword - it allows you to make a point without drawing blood. - Mary Hirsch -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple