Mail Archives: cygwin/2006/10/13/11:55:15
Charles Wilson wrote:
> Corinna Vinschen wrote:
>> On Oct 11 16:20, Wells, Roger K. wrote:
>>> When I installed this my previous installation broke and now the sshd
>>> server stops immediately when it is started. Any hints will be
>>> appreciated.
>>> thanks
>>
>> Maybe that's it: http://cygwin.com/ml/cygwin/2006-10/msg00250.html
>
> This is bad. Suppose I am a cygwin user on a machine to which I do not
> have Administrator privileges. Until now, I could run a personal sshd
> on a unique port, and connect back to my windows box. Now I can't --
> because, as a non-Admin, I can't create the sshd user. (and this use
> case is not a hypothetical; I do this on the job often)
It sounds like this is a technique that would be usable on platforms
other than Cygwin, as well.
> I consider this a regression -- and what's worse, IMO the patch that
> imposed this new requirement is dead wrong. Here's a fuller quote of
> the offending section of the changelog:
>
>> - (djm) [sshd.c auth.c] Set up fakepw() with privsep uid/gid, so it can
>> be used to drop privilege to; fixes Solaris GSSAPI crash reported by
>> Magnus Abrante; suggestion and feedback dtucker@
>> NB. this change will require that the privilege separation user must
>> exist on all the time, not just when UsePrivilegeSeparation=yes
>
> My translation: even when UsePrivilegeSeparation=no we are STILL going
> to use privsep. And this misfeature will be imposed across all
> platforms, just to fix a crash on one platform when using one optional
> authentication component.
>
> Not nice, not nice at all.
So you're taking it up with the ssh developers (or 'dtucker'), right?
--
Matthew
"What's Cygwin?" you ask.
'Tis mostly absurd software
Concerning hippos.
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
- Raw text -