Mail Archives: cygwin/2016/02/09/23:57:39

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2016/02/09/23:57:39

X-Recipient: archive-cygwin AT delorie DOT com

DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:mime-version:in-reply-to:references:date

:message-id:subject:from:to:content-type; q=dns; s=default; b=FB

tID6PxnZ506hbqSrfA4MGLiVJFihZ8/Q7RTv3nE48130AU3tBoCgvtWGqdsQTjHk

cTXAj3zRDXd8bp83lBXzod8z6QBLwRggHIx3HF96iwLoz9YYNAkHJqg/JYsBxGJ1

9YYU3TtJcovy6UgHxb/VIc0lTxeerUD+FXHtlqbP4=

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:mime-version:in-reply-to:references:date

:message-id:subject:from:to:content-type; s=default; bh=oB0fpv4E

OYh+YY37RiyFBOjSTyg=; b=eYL+iHoOWaYXwnpff4V3C3SbI8+widW9cRnAjvdQ

QWMXlJkHG08kl4Br6rnNb4QcLq/x5F7naQwRO1DuENTPuo1kMrljILIdFxXTeAcO

X3D5JN0JSf7NP5SGzjySILK1H+Ur37z99MdqadEysRhcHUH9BpI019v7cGu4nllH

cl0=

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Authentication-Results: sourceware.org; auth=none

X-Virus-Found: No

X-Spam-SWARE-Status: No, score=0.1 required=5.0 tests=BAYES_50,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=ham version=3.3.2 spammy=Willis, D*comcast.net, willis, david_willis AT comcast DOT net

X-HELO: mail-ig0-f175.google.com

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:content-type; bh=9lJ5Q9DZSr9RhRt9NhMzUgvfosz52z2VzhKZf8TV2Ag=; b=b9NgQxPGVW4iQW9kTqJ1oBo+gPQH6QIRlkYossJctbfnNlbHtEyhpHuQ0Cy8l5UCJc rltNDhhTPkkD3ON/tn1wUlkIcAb41NgMBCnFlSaoSq31GPf4FsJKqDaJODa/tho3+vMH HkMToLiZ46i2Vo92R2qIb/Z7whmZ+fLOfIJlNgUb9HpVyIODoFp2y1ek1ur7avMngly0 sfRM2hmVGwnNFcM74v3IdVvJJQNJrWfng6czGCMU1+Nn2/xS9YDA5Sp5K/C+0C4hEBYr MSBStyQtU4MHCK5MOs7ZToY2a6L0lv8o11ZT8GrK10akCMIoTdOZjS7qKg3pxirf9sAX SOOw==

X-Gm-Message-State: AG10YORmlEEOfy/LDrm+FzmjLRtRCJ5PPpDeWvTngxlax1v78NF9KldNTzlzTpYYNbfdNvwDoJUwV4XcFouNVg==

MIME-Version: 1.0

X-Received: by 10.50.43.228 with SMTP id z4mr7771519igl.33.1455080239528; Tue, 09 Feb 2016 20:57:19 -0800 (PST)

In-Reply-To: <019c01d163bc$fe2fc500$fa8f4f00$@comcast.net>

References: <019c01d163bc$fe2fc500$fa8f4f00$@comcast.net>

Date: Tue, 9 Feb 2016 21:57:19 -0700

Message-ID: <CANnLRdhVrFcveO_jKb3_x=44WMJNO33DPnsJZ12Wus3U7Wo_fQ@mail.gmail.com>

Subject: Re: Possible Security Hole in SSHD w/ CYGWIN?

From: Stephen John Smoogen <smooge AT gmail DOT com>

To: cygwin AT cygwin DOT com

X-IsSubscribed: yes

On 9 February 2016 at 21:39, David Willis <david_willis AT comcast DOT net> wrote:
> Just to add an update to this, it appears that processes run from the shell
> while logged into the CYGWIN SSHD server are run as the correct user - i.e.
> I run a ping or cat a file and pipe it to less, and check Task Manager on
> the SSHD server, and those processes show as being run as the user I SSH'd
> in as, the way it should be.
>
> So it looks like this bug is specifically when accessing files or directory
> contents. I literally run a "ls -l" command from the local CYGWIN shell on
> the SSHD server, against a file share that I have no access to, and get a
> permission denied. I run the exact same command, SSH'd into that same box as
> the same user against the same file share, and this time I can list the
> directory contents. Same results with "cat"ing files in those directories.
> What gives?
>
> Any help on this VERY much appreciated!!!
>

In general, you need to be able to cut and paste the errors you are
seeing versus using words to describe them. There are several
different things that what you are describing could look like so
without that extra data it is hard to figure out how to duplicate what
you might be seeing.

-- 
Stephen J Smoogen.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:in-reply-to:references:date
	:message-id:subject:from:to:content-type; q=dns; s=default; b=FB
	tID6PxnZ506hbqSrfA4MGLiVJFihZ8/Q7RTv3nE48130AU3tBoCgvtWGqdsQTjHk
	cTXAj3zRDXd8bp83lBXzod8z6QBLwRggHIx3HF96iwLoz9YYNAkHJqg/JYsBxGJ1
	9YYU3TtJcovy6UgHxb/VIc0lTxeerUD+FXHtlqbP4=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:in-reply-to:references:date
	:message-id:subject:from:to:content-type; s=default; bh=oB0fpv4E
	OYh+YY37RiyFBOjSTyg=; b=eYL+iHoOWaYXwnpff4V3C3SbI8+widW9cRnAjvdQ
	QWMXlJkHG08kl4Br6rnNb4QcLq/x5F7naQwRO1DuENTPuo1kMrljILIdFxXTeAcO
	X3D5JN0JSf7NP5SGzjySILK1H+Ur37z99MdqadEysRhcHUH9BpI019v7cGu4nllH
	cl0=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Virus-Found:	No
X-Spam-SWARE-Status:	No, score=0.1 required=5.0 tests=BAYES_50,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=ham version=3.3.2 spammy=Willis, D*comcast.net, willis, david_willis AT comcast DOT net
X-HELO:	mail-ig0-f175.google.com
X-Google-DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:content-type; bh=9lJ5Q9DZSr9RhRt9NhMzUgvfosz52z2VzhKZf8TV2Ag=; b=b9NgQxPGVW4iQW9kTqJ1oBo+gPQH6QIRlkYossJctbfnNlbHtEyhpHuQ0Cy8l5UCJc rltNDhhTPkkD3ON/tn1wUlkIcAb41NgMBCnFlSaoSq31GPf4FsJKqDaJODa/tho3+vMH HkMToLiZ46i2Vo92R2qIb/Z7whmZ+fLOfIJlNgUb9HpVyIODoFp2y1ek1ur7avMngly0 sfRM2hmVGwnNFcM74v3IdVvJJQNJrWfng6czGCMU1+Nn2/xS9YDA5Sp5K/C+0C4hEBYr MSBStyQtU4MHCK5MOs7ZToY2a6L0lv8o11ZT8GrK10akCMIoTdOZjS7qKg3pxirf9sAX SOOw==
X-Gm-Message-State:	AG10YORmlEEOfy/LDrm+FzmjLRtRCJ5PPpDeWvTngxlax1v78NF9KldNTzlzTpYYNbfdNvwDoJUwV4XcFouNVg==
MIME-Version:	1.0
X-Received:	by 10.50.43.228 with SMTP id z4mr7771519igl.33.1455080239528; Tue, 09 Feb 2016 20:57:19 -0800 (PST)
In-Reply-To:	<019c01d163bc$fe2fc500$fa8f4f00$@comcast.net>
References:	<019c01d163bc$fe2fc500$fa8f4f00$@comcast.net>
Date:	Tue, 9 Feb 2016 21:57:19 -0700
Message-ID:	<CANnLRdhVrFcveO_jKb3_x=44WMJNO33DPnsJZ12Wus3U7Wo_fQ@mail.gmail.com>
Subject:	Re: Possible Security Hole in SSHD w/ CYGWIN?
From:	Stephen John Smoogen <smooge AT gmail DOT com>
To:	cygwin AT cygwin DOT com
X-IsSubscribed:	yes