gmane.os.cygwin

Re: Finally managed to create a jailed SFTP server, but how secure?

Eric Blake — 2008-12-02T05:18:40

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 According to TheO on 12/1/2008 12:13 PM: Did you verify whether DOS paths, such as c:\, were also blocked? To repeat what we have already told you multiple times: cygwin does NOT enforce the jail. And without OS support to do so, we are not in a position to state that your jail is secure; so with security in mind, you must consider the SFTP connection, even in its chroot jail, to be only as secure as the restricted rights that you are able to enforce on the Windows user id in use when you make the SFTP connection. - -- Don't work too hard, make some time for fun as well! Eric Blake ebb9< at >byu.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Cygwin) Comment: Public key at home.comcast.net/~ericblake/eblake.gpg Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkk0xTAACgkQ84KuGfSFAYDx0wCeNq+nuk/bG/Od4pjtawvWAD6T prkAoKrWCWia6GxJWAFm8ZF3Y0IUl1uw =orVG -----END PGP SIGNATURE-----

Re: pthread_rwlock_rdlock() returns EDEADLK when trying to call it > once

Christopher Faylor — 2008-12-02T03:07:04

You've located the code. Feel free to suggest a patch. cgf

Re: NT-Authority/System will be file owner after rsync restore

Larry Hall (Cygwin — 2008-12-01T23:07:44

Well services on <= XP run under the local system account so I'm guessing that your backup service is using the permissions of the creator of the backup files rather than the original permissions. 'rsync', according to the man page, says that it has '-p' and '-A' flags to preserve the original permission IDs (or '-a' which includes '-p'). Are you using any of these?

Re: RSync random failures

Matthias Meyer — 2008-12-01T22:53:20

Hi Allan, I did not use a PID file. Because that my rsync did not have a problem with that. Maybee you did not use a PID file? Because of your hibernation/stand-by tests. Did you know if it is possible to disable hibernation/stand-by during rsync is running? br Matthias

Re: NT-Authority/System will be file owner after rsync restore

Matthias Meyer — 2008-12-01T22:14:49

Thanks Larry, One step to the goal ;-) I lost my /etc/passwd and /etc/group. Do not know why :-( I create new ones with: bin>mkpasswd -l > /etc/passwd bin>mkpasswd -g > /etc/group create a new file /etc/test.txt bin>ls -alh /etc/test.txt bin>-rwx------+ 1 meyer Kein 0 Dec 1 23:01 /etc/test.txt Than I run a backup: After that my backup-protocol shows: create 644 18/544 0 etc/Test.txt But 18/544 is SYSTEM:Administratoren as /etc/passwd -> SYSTEM:*:18:544:,S-1-5-18:: and /etc/group -> Administratoren:S-1-5-32-544:544: shows. I've tried this with both, "cygrunsrv -I backup ..." as well as with "cygrunsrv -I backup -e CYGWIN=nontsec ..." Any further hint? Thanks Matthias

Executable File Violation

2008-12-01T23:01:07

You attempted to send a message that contained an executable file. The sending of executable files via email is prohibited. The message was not delivered. For more assistance contact spam-support< at >infosec.fedex.com.

Re: Finally managed to create a jailed SFTP server, but how secure?

Larry Hall (Cygwin — 2008-12-01T21:09:18

If you're happy with the results, that's fine. However, you asked how secure SFTP was. The answer is as I've said. Cygwin is not the O/S. It cannot enforce restrictions on the O/S. Only the O/S can restrict or grant access to users. I have not attempted to set up a jailed SFTP environment on Cygwin. It may be that what you've done hems the user into the area you want when he/she is using Cygwin tools. However, this does not restrict the user with Windows native tools. If he/she is able to leverage those inside the jail, then the user has the keys he/she wants to get out.

Re: Help needed: first time tried sshd and got stuck not far from the beginning...

stevench2000 — 2008-12-01T20:49:43

Thanks Larry, Although I am not 100% certain, it may very well be it's one of the nasty case of BLODA. Looking at the list, I got at least 3 of those applications running at the background... Will continue to spend more time to figure it out. Regards, Steve Larry Hall (Cygwin) wrote:

pthread_rwlock_rdlock() returns EDEADLK when trying to call it > once

kalle ko — 2008-12-01T20:41:53

Possible bug in winsup/cygwin/thread.cc: ... int pthread_rwlock::rdlock () { int result = 0; struct RWLOCK_READER *reader; pthread_t self = pthread::self (); mtx.lock (); if (lookup_reader (self)) { result = EDEADLK; goto DONE; } ... It doesn't seem like it's possible for a thread to call pthread_rwlock_rdlock() multiple times, and if a thread does, it will get a EDEADLK error. http://opengroup.org/onlinepubs/007908799/xsh/pthread_rwlock_rdlock.html: ... A thread may hold multiple concurrent read locks on rwlock (that is, successfully call the pthread_rwlock_rdlock() function n times). ... [EDEADLK] The current thread already owns the read-write lock for writing. ... I noticed this when one of my tests failed.

Avoid duplicate names in /proc/registry (which may crash find) ?

Christian Franke — 2008-12-01T20:16:30

When dirent.d_type support is added to /proc/registry (see attachment), find 4.4.0-3 crashes on keys with duplicate names. Testcases: $ find-with-d_type \ /proc/registry/HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/ALG/ISV $ find-with-d_type \ /proc/registry/HKEY_LOCAL_MACHINE/SYSTEM/ControlSet001/Services/Eventlog/Security These keys contain a key and a value with the same name and readdir() returns both (with different d_type). Possible fix to avoid identical names: 1. Put keys and values in different namespaces, e.g. /proc/registry/path/name.key /proc/registry/path/name.val Drawback: Breaks backward compatibility. or: 2. In readdir(), record the key names in some set<> or hash-table. If (and only if) a duplicate name is detected, return a modified name for the value: /proc/registry/path/name /proc/registry/path/name%76 ('v') Drawback: Slows down readdir, introduces alias name for value. Christian

Re: Finally managed to create a jailed SFTP server, but how secure?

TheO — 2008-12-01T19:13:50

According to my observation, regardless of his authentication (public key or password), he can only see a limited number of directories within the jail environment. The only directory which is virtually added by Cygwin during his login, and therefore beyond my control, is /cygdrive. Luckily enough for me, it is empty so in my opinion the user can't traverse my harddisk. I did some simple tests to break out my jail. From my SFTP session, I tried to do the following: sftp> cd /cygdrive sftp> cd c Couldn't canonicalise: No such file or directory sftp> mkdir c Couldn't create directory: No such file or directory which is good. But maybe my simple tests are not enough. Maybe there are some special file names which are not mapped to any directory or file but are interpreted internally by Cygwin to designate some directories outside the jail. Thanks again.

Re: Finally managed to create a jailed SFTP server, but how secure?

Larry Hall (Cygwin — 2008-12-01T18:17:10

Ugh! Looks like I'm challenged in the proof-reading department this morning! ^ s ^ e

Re: Finally managed to create a jailed SFTP server, but how secure?

Larry Hall (Cygwin — 2008-12-01T16:51:49

Security from the standpoint of access to the remote file system and processes come from the security measures put in place under Windows on the remote system. SFTP under Cygwin will not provide this. It only provids encrypted transport.

Finally managed to create a jailed SFTP server, but how secure?

TheO — 2008-12-01T16:20:47

Hi, I finally managed to create a chroot'ed (jailed) SFTP environment under Cygwin. Here are my steps which may be useful for others: - All directories from root to the chroot directory must be owned by UID 0 and GID 0. For example, if you want to jail users in /jail then / and /jail must belong to (0, 0). In my setup, I set Administrator user to be (0, 0) in /etc/passwd. - The home directory for user as declared in /etc/passwd must be created under this chroot directory too, for example, /jail/home/user must exist too and belong to user. - Use internal-sftp for Subsystem sftp So my minimum directory structure is as follow: /jail /jail/home /jail/home/user /home/user If you want to enable public key authentication, then the following must exist too: /home/user/.ssh /home/user/.ssh/authorized_keys My /etc/sshd_config contains: ChrootDirectory /jail Subsystem sftp internal-sftp After configuring the user's public key in /home/user/.ssh/authorized_keys, he can log

Re: Problem Starting up XEmacs

Dr. Volker Zell — 2008-12-01T14:58:56

> Hi, > I have a strange problem starting XEmacs: > $ xemacs > *** Error in XEmacs initialization > (error "Must be string, vector, or font-instance" # "127.0.0.1:0.0" 0xb17>) > *** Backtrace > really-early-error-handler((error "Must be string, vector, or > font-instance" #)) > check-valid-instantiator(# font) > # bind (result noerror specifier-type spec) > canonicalize-spec(# font nil) > # bind (rest result) > byte-code("..." [specifier-type res2 noerror spec-list result rest > nil throw cann-spec-list t signal error "Invalid list format" > canonicalize-spec] 5) > # (catch cann-spec-list ...) > # bind (result noerror specifier-type spec-list) > canonicalize-spec-list((#) font) > # bind (is-valid nval how-to-add tag-set locale value specifier) > set-s

Re: sem_unlink?

Corinna Vinschen — 2008-12-01T11:00:02

No worries. Corinna

Re: Help needed: first time tried sshd and got stuck not far from the beginning...

Larry Hall (Cygwin — 2008-12-01T06:29:20

Yes. Yes, two. 1. Install the 'rebase' package and follow the instructions in its README file (under '/usr/share/doc/Cygwin'). 2. Either one of the above is your solution. You shouldn't need to do both. (1) is probably easier to try. However, I'll bet on (2).

Re: Help needed: first time tried sshd and got stuck not far from the beginning...

stevench2000 — 2008-12-01T05:37:19

Thanks to both of you for the tips. After adding the -ddd option in invoking sshd in the ssh-host-config, I was able to see this error message from the log: 17 [main] sshd 42180 child_copy: linked dll data write copy failed, 0x24500 0..0x2452E0, done 0, windows pid 42200, Win32 error 487 Does this look familiar? Do you have any suggestions? Regards, Steve Larry Hall (Cygwin) wrote:

Re: RSync random failures

Allan Schrum — 2008-12-01T02:25:24

I downloaded the source, rebuilt and I am running under the debugger. The line indicated above is where RSync discovers that the PID file already exists. While that specific problem is solved by deleting the PID file, the problem is that the PID file should never exist after RSync exits. There is some condition that leaves the PID file when RSync shuts down (as a service under Windows XP) normally. This problem did not exist in the previous version (2.6.9-2). I have tried hibernation, stand-by, shutdown & restart, network disconnections, various signals passed, etc., and nothing reliably causes the problem to manifest itself. But any of these methods has caused the problem. It seems to happen more frequently during shutdown & restart than any other method. Any ideas on how to debug? Anyone else have this problem? Thanks, -Allan

Re: NT-Authority/System will be file owner after rsync restore

Larry Hall (Cygwin — 2008-11-30T22:46:40

Could be. I don't know much about rsync. However, if that is the uid/gid, it maps to -1 (don't know why it's represented as a 32-bit value though.) Anyway, if you and I are right, then my WAG is that your '/etc/passwd' and/or '/etc/group' file(s) are wrong. See for more details on Cygwin special IDs.

NT-Authority/System will be file owner after rsync restore

Matthias Meyer — 2008-11-30T22:13:28

Hi, I try to backup WindowsXP as well as Vista to an Linux server. I use backuppc as backup-server, cygwin as client environment and rsync for transport. The backup seems to work well but the restore not. The restored files will have "NT-Authority/System" as new owner, independend from their old owner or if the file not exist before restore. My rsyncd.conf: max connections = 6 log file = /var/log/backup-service.log read only = false write only = false transfer logging = no list = false max verbosity = 6 address = 127.0.0.1 [C] path = /cygdrive/c/ The rsync arguments by backup (extracted from backuppc logfile): Sending args: --server --sender --numeric-ids --perms --owner --group -D --links --hard-links --times --block-size=2048 --recursive --one-file-system --bwlimit=512 The rsync logfile from restore (extracted from backuppc logfile): Sending args: --server --numeric-ids --perms --super --owner --group -D --links --hard-links --times --block-size=2048 --relative --ignore-times --recursive C/etc