Mail Archives: cygwin/2014/09/04/07:24:54

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2014/09/04/07:24:54

X-Recipient: archive-cygwin AT delorie DOT com

DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:to:from:subject:date:message-id:references

:mime-version:content-type:content-transfer-encoding; q=dns; s=

default; b=eiY6PzN0JLtmhM9faDCupJIV522lukaBzt6OHvDcGSeaDomxbcebp

96XzmZXs6kptM7jWAoswqMpmeKW2cF//RtyC2AD6qal5FJsglhM/23mEHDXyY1Tk

UMLboW5B7D+SobdvBCjZ94zFX72T+xbpmtKsQDQd21cSS7BkJ0YWes=

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:to:from:subject:date:message-id:references

:mime-version:content-type:content-transfer-encoding; s=default;

bh=0mSCpLKtqGqjwd0PG1jgZtcJXc4=; b=sQmGL+GeCt/XzZhDkSxVEbeJpybR

/rC5+VLSghB/NZzt3f8YZcaBTJSnPGa5+/rZirIBIntbG9gqEy/5bDzaj9tmELM7

io6DzSvjOGCgDN8VnDNTqFvZ5LprfevznHB6wzPY+OYiboabmMr8quVqZ1qFzHO9

lguMsnYOsIV55pM=

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Authentication-Results: sourceware.org; auth=none

X-Virus-Found: No

X-Spam-SWARE-Status: No, score=-1.5 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_LOW,RCVD_NUMERIC_HELO,RP_MATCHES_RCVD,SPAM_BODY1,SPF_HELO_PASS,SPF_PASS,T_FSL_HELO_BARE_IP_2 autolearn=no version=3.3.2

X-HELO: plane.gmane.org

To: cygwin AT cygwin DOT com

From: Achim Gratz <Stromeko AT NexGo DOT DE>

Subject: Re: Windows Server 2012R2 64bit and 32bit Cygwin sshd

Date: Thu, 4 Sep 2014 11:23:58 +0000 (UTC)

Lines: 34

Message-ID: <loom.20140904T130950-773@post.gmane.org>

References: <8761hphfps DOT fsf AT Rainer DOT invalid> <loom DOT 20140902T134545-288 AT post DOT gmane DOT org> <20140902140751 DOT GD6056 AT calimero DOT vinschen DOT de> <loom DOT 20140902T171114-72 AT post DOT gmane DOT org> <20140902153757 DOT GE6056 AT calimero DOT vinschen DOT de> <loom DOT 20140903T084528-450 AT post DOT gmane DOT org> <loom DOT 20140903T145724-31 AT post DOT gmane DOT org> <20140903133728 DOT GL6056 AT calimero DOT vinschen DOT de>

Mime-Version: 1.0

User-Agent: Loom/3.14 (http://gmane.org/)

X-IsSubscribed: yes

Corinna Vinschen <corinna-cygwin <at> cygwin.com> writes:
> You already built your own Cygwin DLL, right?  What you could do is to
> do some good old printf debugging.  First let's try to find out if it's
> really one of the NetUser calls:

It looks like I need to install more than the DLL to make this work?  I
couldn't start cygserver as a service with (just) the built DLL in place. 
So I started it in debug mode from the command line (which makes it have
less rights than it needs) and started the sshd in debug mode also.  Due to
presumably the missing rights mentioned I could only log in with an
administrative account (domain account, but restricted to run on  the server
only).  I didn't get any failure from the debug_printf instrumented
functions.  With my normal user account I got a "/bin/bash: Operation not
permitted".  The cygserver debug output also showed unfettered access to the
AD.  With the sshd running without privilege separation I've noticed some
requests to the cygserver that seemed to indicate memory corruption:  Early
on in starting the daemon it would normally try to get account information
for Administrators:544, but the debug output from cygserver was showing
sshdrs as the account name being asked for.  Also there are (probably
unrelated since they are also present on x86_64) complaints about requests
of illegal length (11).

Going back to the original snapshot and using the same debugging setup the
behaviour was still the same.  Since I could now start the services again, I
did that and am back to the original behaviour.  I've asked our IT if there
are restrictions specifically targetting 32bit services or processes, but
got no answer so far (I'm not even sure this is possible).

I'm not sure what to make of these results, but at the moment I've ran out
of time anyway.

Regards,
Achim.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:to:from:subject:date:message-id:references
	:mime-version:content-type:content-transfer-encoding; q=dns; s=
	default; b=eiY6PzN0JLtmhM9faDCupJIV522lukaBzt6OHvDcGSeaDomxbcebp
	96XzmZXs6kptM7jWAoswqMpmeKW2cF//RtyC2AD6qal5FJsglhM/23mEHDXyY1Tk
	UMLboW5B7D+SobdvBCjZ94zFX72T+xbpmtKsQDQd21cSS7BkJ0YWes=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:to:from:subject:date:message-id:references
	:mime-version:content-type:content-transfer-encoding; s=default;
	bh=0mSCpLKtqGqjwd0PG1jgZtcJXc4=; b=sQmGL+GeCt/XzZhDkSxVEbeJpybR
	/rC5+VLSghB/NZzt3f8YZcaBTJSnPGa5+/rZirIBIntbG9gqEy/5bDzaj9tmELM7
	io6DzSvjOGCgDN8VnDNTqFvZ5LprfevznHB6wzPY+OYiboabmMr8quVqZ1qFzHO9
	lguMsnYOsIV55pM=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Virus-Found:	No
X-Spam-SWARE-Status:	No, score=-1.5 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_LOW,RCVD_NUMERIC_HELO,RP_MATCHES_RCVD,SPAM_BODY1,SPF_HELO_PASS,SPF_PASS,T_FSL_HELO_BARE_IP_2 autolearn=no version=3.3.2
X-HELO:	plane.gmane.org
To:	cygwin AT cygwin DOT com
From:	Achim Gratz <Stromeko AT NexGo DOT DE>
Subject:	Re: Windows Server 2012R2 64bit and 32bit Cygwin sshd
Date:	Thu, 4 Sep 2014 11:23:58 +0000 (UTC)
Lines:	34
Message-ID:	<loom.20140904T130950-773@post.gmane.org>
References:	<8761hphfps DOT fsf AT Rainer DOT invalid> <loom DOT 20140902T134545-288 AT post DOT gmane DOT org> <20140902140751 DOT GD6056 AT calimero DOT vinschen DOT de> <loom DOT 20140902T171114-72 AT post DOT gmane DOT org> <20140902153757 DOT GE6056 AT calimero DOT vinschen DOT de> <loom DOT 20140903T084528-450 AT post DOT gmane DOT org> <loom DOT 20140903T145724-31 AT post DOT gmane DOT org> <20140903133728 DOT GL6056 AT calimero DOT vinschen DOT de>
Mime-Version:	1.0
User-Agent:	Loom/3.14 (http://gmane.org/)
X-IsSubscribed:	yes