Mail Archives: cygwin/2001/10/15/13:26:03
I would love to use ssh, and I actually had
it working a few versions of cygwin ago. But
my unix guru here says "why don't you just use
rsh?- The internal network is secure." I don't
agree- I don't think we should be relying on
anything that is inherently insecure (of course,
we do use NT as an operating system). But where
we have the option to use ssh, I would prefer it.
Unfortunately, NONE of our unix boxes have ssh,
and I have been told that they won't be upgraded
without good reason, and even then I have to wait
until some important work is done (so the ssh
install won't interrupt our schedule). I don't
know if it is too OT, but would anyone care to
contribute reasons why to use ssh instead of rsh
even on our "internally secure" network? Please
reply to me personally, I think this part isn't very
cygwin related anymore.
BTW, I hope Corinna will reply onlist and let me know
about the "security features" of rsh that I asked
about in my previous post- that is definitely on-topic.
TIA,
Peter
John Peacock wrote:
>
> Peter Buckley wrote:
> >
> > Ummm.... I don't understand why home directories on
> > a network share would ever be "public". I thought that
> > root on unix could read whatever it wanted
> > (including home directories on network shares,
> > hence SYSTEM is NOT equivalent),
>
> I don't think that is true of NFS mounts but it may be.
>
> > but this
> > idea of public sounds like anyone (the guest user) or
> > some intruder could read the contents of my home
> > directory on a network share without authenticating.
> > That just sounds silly, so maybe I need someone to
> > explain this idea of "public" to me.
>
> The whole idea of "public" shares under NT gives me the absolute
> willies!
>
> >
> > Basically, the problem here is the "security" feature
> > that rsh uses where it tries to cd to the user's home
> > directory as the SYSTEM account, then failing that
> > exits if CYGWIN is defined. This is ridiculous.
> > When I rsh, the whole idea is that I am "me" and I am
> > executing commands as "me" on the remote system. I don't
> > want to cd to my home directory as SYSTEM, and in this
> > case it doesn't work because it is a network share and
> > kicks me out.
>
> This is indeed where this discussion started. And, as I tried to
> point out at the time, rsh is a *nix program that has been modified to
> work under CygWin.
>
> The current security model is to do everything necessary to set up the
> user's login, then drop the enhanced rights at the very last possible
> moment. Lots of *nix programs actually go further and use chroot,
> which actually places the user process in a virtual / without any way
> of getting out to the rest of the machine. Of course, this is not
> possible under NT at all. The fallback, to make sure that no one can
> log in as Guest, is to not allow any login to non-existant $HOME
> directories, which from the standpoint of SYSTEM, yours is.
>
> So you are not "me" until after the cd for a very good reason. To
> change it for CygWin would be to make it less secure. Have you
> checked out ssh instead of rsh? It is much more secure, from the
> ground up, and may actually work better for you.
>
> >
> > I know that I can modify the code so it doesn't do this,
> > but I don't think it should use this security feature this
> > way. There are probably a bunch of NT users who have their
> > home directories on network shares. It was explained to me
> > that the whole idea of this security feature is so an
> > unauthorized user doesn't end up in the / directory. The
> > section of code does this-
> >
> > if (cd $HOME)
> > #okay, we cd'd to the home directory no problem
> > else
> > ifdef _CYGWIN_
> > error (no remote directory; exit1)
> > else
> > cd /
> > endif
> > endif
> >
> > Why can't the "cd /" simply be a "cd /some-harmless-place"
> > and provide the same level of security? Simply saying
> > "you shouldn't have your home directory on a network share"
> > isn't good enough. Maybe I just don't understand the idea
> > of making my home directory "public" and if someone explains
> > it to me I can tell my sysadmins and have them set it up that
> > way.
> >
>
> The problem is that until NTSEC, there was no harmless place. And I am
> not sure that I would even rely on CygWin's NTSEC implementation (as it
> relies on NT). Corina would be much more likely to be able to tell you
> whether this is a secure option.
>
> John
>
> p.s. really, you should be using ssh, not rsh ;~)
>
> --
> John Peacock
> Director of Information Research and Technology
> Rowman & Littlefield Publishing Group
> 4720 Boston Way
> Lanham, MD 20706
> 301-459-3366 x.5010
> fax 301-429-5747
--
Your mouse has moved.
Windows NT must be restarted for the change to take effect.
Reboot now? [OK]
--
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
- Raw text -