Mail Archives: cygwin/2016/02/10/00:21:29

From: "David Willis" <david_willis AT comcast DOT net>
To: <cygwin AT cygwin DOT com>
References: <019c01d163bc$fe2fc500$fa8f4f00$@comcast.net> <CANnLRdhVrFcveO_jKb3_x=44WMJNO33DPnsJZ12Wus3U7Wo_fQ AT mail DOT gmail DOT com>
In-Reply-To: <CANnLRdhVrFcveO_jKb3_x=44WMJNO33DPnsJZ12Wus3U7Wo_fQ@mail.gmail.com>
Subject: RE: Possible Security Hole in SSHD w/ CYGWIN?
Date: Tue, 9 Feb 2016 21:21:03 -0800
Message-ID: <019e01d163c2$d678c7e0$836a57a0$@comcast.net>

Thank you for the response.

That is the problem though, it is not an error I am getting (in fact the
issue is that I SHOULD be getting a "permission denied" but I am not).
The problem is that I have access to things that I should not. Since this is
plain text only I can't post a SS of the open session that is shown in
Computer Management->Shared Folders->Sessions, but it shows the privileged
server account "cyg_server" instead of the user that I am accessing the
share as (the user I SSH'd in as).

And I just found out with further testing that when I connect using a
password to Cygwin SSHD server, then access the file share, I have the
correct permissions and it shows an open session as the user I connected as
like it should. So it is something specifically that happens when connecting
using public key authentication.

Here is an example though:

[user]@[client machine] ~$ ssh [user]@[SSH server].[domain]
Enter passphrase for key '/home/[user]/.ssh/id_dsa':
Last login: Mon Feb  8 21:41:51 2016 from [client machine]

[user]@[SSH server] //[file server]/[share] $ ls -l
total 8
drwxrwx---+ 1 [admin user]  Domain Users    0 Feb  7 18:29 [private folder]
drwxrwx---+ 1 [user]        Domain Users    0 Feb  7 17:31 [public folder]

[user]@[SSH server] //[file server]/[share] $ ls -l [private folder]
total 8
-rwxrwx---+ 1 [admin user] Domain Users 6070 Feb  6 22:50 [private file]

Please note that the user on the client machine and the user I am connecting
as on the SSH server are the same user account (a domain account). The
[admin account] is a domain account w/ domain admin privileges. The private
folder has NTFS ACLs set on it to prevent anyone other than domain admins
from listing the contents (and the file inside it likewise has ACLs
preventing anyone other than domain admins from reading it). The public
folder is listable by any domain users.

Now what happens when I login with a password instead of a key:

[user]@[client machine] ~$ ssh [user]@[SSH server].[domain]
[user]@[SSH server].[domain]'s password:
Last login: Tue Feb  9 20:18:44 2016 from [client machine]

[user]@[SSH server] //[file server]/[share] $ ls -l
total 8
drwxr-x---  1 Unknown+User   Unknown+Group    0 Feb  7 18:29 [private folder]
drwxrwx---+ 1 [user]        Domain Users     0 Feb  7 17:31 [public folder]

[user]@[SSH server] //[file server]/[share] $ ls -l [private folder]
ls: cannot open directory [private folder]: Permission denied

The behavior the second time is what I would expect the first time. Also in
the second scenario, Computer Management->Shared Folders->Sessions shows the
proper user being connected (the user I SSH'd in as) instead of the
privileged server account "cyg_server".

Thanks again for any help - much appreciated

David

-----Original Message-----
From: cygwin-owner AT cygwin DOT com [mailto:cygwin-owner AT cygwin DOT com] On Behalf Of
Stephen John Smoogen
Sent: Tuesday, February 09, 2016 8:57 PM
To: cygwin AT cygwin DOT com
Subject: Re: Possible Security Hole in SSHD w/ CYGWIN?

On 9 February 2016 at 21:39, David Willis <david_willis AT comcast DOT net> wrote:
> Just to add an update to this, it appears that processes run from the
> shell while logged into the CYGWIN SSHD server are run as the correct user
> - i.e. I run a ping or cat a file and pipe it to less, and check Task Manager
> on the SSHD server, and those processes show as being run as the user
> I SSH'd in as, the way it should be.
>
> So it looks like this bug is specifically when accessing files or
> directory contents. I literally run a "ls -l" command from the local
> CYGWIN shell on the SSHD server, against a file share that I have no
> access to, and get a permission denied. I run the exact same command,
> SSH'd into that same box as the same user against the same file share,
> and this time I can list the directory contents. Same results with
> "cat"ing files in those directories.
> What gives?
>
> Any help on this VERY much appreciated!!!
>

In general, you need to be able to cut and paste the errors you are seeing
versus using words to describe them. There are several different things that
what you are describing could look like so without that extra data it is
hard to figure out how to duplicate what you might be seeing.

--
Stephen J Smoogen.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
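The symptom described in the post is an identity mismatch: the SSH user authenticated with a public key, but the file server's session list shows the privileged "cyg_server" account instead of that user. The following script is an added example (not code from the Cygwin project or from anyone in this thread) that turns that observation into a repeatable check. It correlates OpenSSH "Accepted <method> for <user>" log lines with a list of file-server sessions of the kind Computer Management -> Shared Folders -> Sessions displays, and flags every public-key login whose user has no session of their own on the file server while a service-account session from the SSH host is present. The hostnames, accounts, log lines and session list are all constructed sample data; the SSH host name the file server sees and the set of service accounts are assumptions you would replace with your own values.

```python
import re

# Constructed sample of sshd log lines (syslog style). The
# "Accepted <method> for <user> from <ip> port <n> ssh2" form is OpenSSH's
# own success message; the hosts, users and addresses are made up.
SSHD_LOG = """\
Feb  9 20:18:44 sshserver sshd[3988]: Accepted password for alice from 10.0.0.5 port 50811 ssh2
Feb  9 21:20:58 sshserver sshd[4120]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2
Feb  9 21:25:02 sshserver sshd[4201]: Accepted publickey for bob from 10.0.0.7 port 52000 ssh2
Feb  9 21:26:10 sshserver sshd[4233]: Failed password for invalid user root from 10.0.0.9 port 40022 ssh2
"""

# Constructed file-server session list: (account the file server sees,
# client host the session comes from). This is the same information the
# Shared Folders -> Sessions view shows, transcribed by hand.
FILE_SERVER_SESSIONS = [
    ("cyg_server", "sshserver"),
    ("bob", "sshserver"),
    ("carol", "workstation3"),
]

SSH_HOST = "sshserver"             # assumption: name the file server shows for the SSH box
SERVICE_ACCOUNTS = {"cyg_server"}  # privileged sshd account named in the post

ACCEPTED_RE = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_sshd_logins(log_text):
    """Return one dict (method, user, ip) per successful sshd login.
    Failed attempts and unrelated lines do not match and are skipped."""
    logins = []
    for line in log_text.splitlines():
        m = ACCEPTED_RE.search(line)
        if m:
            logins.append(m.groupdict())
    return logins


def find_identity_mismatches(logins, sessions, ssh_host, service_accounts):
    """Flag public-key SSH logins whose user has no file-server session of
    their own from the SSH host while a service-account session from that
    host exists, i.e. the share is being reached under the service identity
    rather than the authenticated user's."""
    accounts_from_ssh_host = {acct for acct, client in sessions if client == ssh_host}
    service_present = sorted(accounts_from_ssh_host & set(service_accounts))
    findings = []
    seen = set()
    for login in logins:
        user = login["user"]
        if login["method"] != "publickey" or user in seen:
            continue
        seen.add(user)
        if user not in accounts_from_ssh_host and service_present:
            findings.append({
                "user": user,
                "ip": login["ip"],
                "service_accounts": service_present,
            })
    return findings


def report(log_text=SSHD_LOG, sessions=FILE_SERVER_SESSIONS):
    """Print one line per mismatch and return the findings for callers."""
    findings = find_identity_mismatches(
        parse_sshd_logins(log_text), sessions, SSH_HOST, SERVICE_ACCOUNTS
    )
    for f in findings:
        print(f"public-key login {f['user']} from {f['ip']}: no session under that "
              f"name on the file server; service account(s) "
              f"{', '.join(f['service_accounts'])} connected from {SSH_HOST}")
    return findings


if __name__ == "__main__":
    report()
```

With the sample data the check reports alice (public-key login, no session of her own, cyg_server session present from the SSH host) and stays quiet about bob, whose own account does appear on the file server. Password logins are deliberately not flagged, matching the post's observation that those sessions show the correct user.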