Mail Archives: cygwin/2016/02/12/20:04:38

X-Recipient: archive-cygwin AT delorie DOT com
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=0.8 required=5.0 tests=AWL,BAYES_50,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=ham version=3.3.2 spammy=sk:access_, SHOULD, Permission, cyg_server
X-HELO: mail-lf0-f53.google.com
MIME-Version: 1.0
X-Received: by 10.25.146.206 with SMTP id u197mr1961469lfd.96.1455325450658; Fri, 12 Feb 2016 17:04:10 -0800 (PST)
In-Reply-To: <019e01d163c2$d678c7e0$836a57a0$@comcast.net>
References: <019c01d163bc$fe2fc500$fa8f4f00$@comcast.net> <CANnLRdhVrFcveO_jKb3_x=44WMJNO33DPnsJZ12Wus3U7Wo_fQ AT mail DOT gmail DOT com> <019e01d163c2$d678c7e0$836a57a0$@comcast.net>
Date: Fri, 12 Feb 2016 20:04:10 -0500
Message-ID: <CACoZoo3ZQm03ZKiJEisZW+H+y-woPP9j-huBwT+wSpjUAkKJYQ@mail.gmail.com>
Subject: Re: Possible Security Hole in SSHD w/ CYGWIN?
From: Erik Soderquist <ErikSoderquist AT gmail DOT com>
To: cygwin AT cygwin DOT com
X-IsSubscribed: yes

On Wed, Feb 10, 2016 at 12:21 AM, David Willis wrote:
> Thank you for the response.
>
> That is the problem though, it is not an error I am getting (that is in fact
> the issue is that I SHOULD be getting a "permission denied" but I am not).
> The problem is that I have access to things that I should not. Since this is
> plain text only I can't post a SS of the open session that is shown in
> Computer Management->Shared Folders->Sessions, but it shows the privileged
> server account "cyg_server" instead of the user that I am accessing the
> share as (the user I SSH'd in as).
>
> And I just found out with further testing that when I connect using a
> password to Cygwin SSHD server, then access the file share, I have the
> correct permissions and it shows an open session as the user I connected as
> like it should. So it is something specifically that happens when connecting
> using public key authentication.
>
> Here is an example though:
>
> [user]@[client machine] ~$ ssh [user]@[SSH server].[domain]
> Enter passphrase for key '/home/[user]/.ssh/id_dsa':
> Last login: Mon Feb  8 21:41:51 2016 from [client machine]
>
> [user]@[SSH server] //[file server]/[share] $ ls -l
> total 8
> drwxrwx---+ 1 [admin user]  Domain Users    0 Feb  7 18:29 [private folder]
> drwxrwx---+ 1 [user]        Domain Users    0 Feb  7 17:31 [public folder]
>
> [user]@[SSH server] //[file server]/[share] $ ls -l [private folder]
> total 8
> -rwxrwx---+ 1 [admin user] Domain Users 6070 Feb  6 22:50 [private file]
>
> Please note that the user on the client machine and the user I am connecting
> as on the SSH server are the same user account (a domain account). The
> [admin account] is a domain account w/ domain admin privileges. The private
> folder has NTFS ACLs set on it to prevent anyone other than domain admins
> from listing the contents (as does the file inside it have ACLs preventing
> anyone other than domain admins from reading it). The public folder is
> listable by any domain users.
>
> Now what happens when I login with a password instead of a key:
>
> [user]@[client machine] ~$ ssh [user]@[SSH server].[domain]
> [user]@[SSH server].[domain]'s password:
> Last login: Tue Feb  9 20:18:44 2016 from [client machine]
>
> [user]@[SSH server] //[file server]/[share] $ ls -l
> total 8
> drwxr-x---  1 Unknown+User   Unknown+Group    0 Feb  7 18:29 [private folder]
> drwxrwx---+ 1 [user]        Domain Users     0 Feb  7 17:31 [public folder]
>
> [user]@[SSH server] //[file server]/[share] $ ls -l [private folder]
> ls: cannot open directory [private folder]: Permission denied
>
> The behavior the second time is what I would expect the first time. Also in
> the second scenario, Computer Management->Shared Folders->Sessions shows the
> proper user being connected (the user I SSH'd in as) instead of the
> privileged server account "cyg_server".
>
> Thanks again for any help - much appreciated
>
> David

With the precise steps listed/demonstrated, I've reproduced it.

I connected with ssh as a normal user using a private key, and cd'd to
//server/c$/ successfully, and in the Windows active sessions, it does
indeed show "cyg_server" as the connected user, not the user I logged
in with.  Trying this using a password rather than a private key
behaves as expected.

Taking this a step further, I created a new directory from Windows
Explorer and reset the permissions to explicitly deny access to the
normal user I tested with.  Then I tried to cd to
/cygdrive/c/access_denied_test/ and received the expected access
denied message, but when I tried to cd to
//server/c$/access_denied_test/ I succeeded, and was able to create
new files in the directory.

I can provide screen shots of the reproduction without the need to
redact quite so much.

-- Erik

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
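
The comparison described in the message above (one directory reached by its local path and by its UNC path), written as a repeatable check to run inside the SSH session, once after key authentication and once after password authentication. This is an added example, not code from the thread; the function names are hypothetical and both paths are supplied by the operator.

```shell
#!/bin/sh
# Added example: compare the access decision for ONE directory reached two
# ways, e.g. /cygdrive/c/<dir> and //<server>/c$/<dir>. Run it in the SSH
# session under test. A consistent system gives the same answer for both.

# can_list DIR: succeeds if the current session can enumerate DIR.
can_list() { ls -A -- "$1" >/dev/null 2>&1; }

# can_write DIR: succeeds if a marker file can be created in DIR.
# The marker is removed again immediately.
can_write() {
    acl_marker="$1/.acl_probe_$$"
    ( : > "$acl_marker" ) 2>/dev/null || return 1
    rm -f -- "$acl_marker"
}

# compare_access LOCAL_PATH UNC_PATH
#   returns 0: both paths give the same decisions
#           1: the UNC path grants something the local path denies
#              (the symptom reported in this thread)
#           2: any other mismatch
compare_access() {
    acl_status=0
    printf 'session user: %s\n' "$(id -un)"
    for acl_check in can_list can_write; do
        acl_l=n; acl_u=n
        if "$acl_check" "$1"; then acl_l=y; fi
        if "$acl_check" "$2"; then acl_u=y; fi
        printf '%-9s local=%s unc=%s\n' "$acl_check" "$acl_l" "$acl_u"
        if [ "$acl_l" = n ] && [ "$acl_u" = y ]; then
            acl_status=1
        elif [ "$acl_l" != "$acl_u" ] && [ "$acl_status" -eq 0 ]; then
            acl_status=2
        fi
    done
    return "$acl_status"
}

# Stand-alone use: ./compare_access.sh LOCAL_PATH UNC_PATH
if [ "$#" -eq 2 ]; then
    compare_access "$1" "$2"
fi
```

An exit status of 1 after key authentication together with 0 after password authentication matches the behaviour reported here; the file server's session list then shows which account the share was opened as.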
