Mail Archives: cygwin/2017/05/29/01:23:29

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2017/05/29/01:23:29

X-Recipient: archive-cygwin AT delorie DOT com

DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:mime-version:content-type

:content-transfer-encoding:date:from:to:subject:message-id; q=

dns; s=default; b=mYeENu5OEKlzHOGa8K1XLqwDzoOlkdeDBlI8GiNCJokbjj

O35tgMkqRnvFny06LXjZolLatxz/npDmOGJhAvNh3PmHRd1LO1xf6WFbDSGR7OIn

Ju6O9NTuCrEehb2xXXjJy/VKbpwaNaqz86reMvlIzI0dEP5V0Aygn5KqlTaRk=

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:mime-version:content-type

:content-transfer-encoding:date:from:to:subject:message-id; s=

default; bh=fRMT+HBGlNfi5DAyCXCOK7fE/sA=; b=XIgFcrKk0ZRf1zoZ+iSU

s+p3skZ19OFQ+T9+kBxZRSu6wlAyX5+KGFTwsDlsLlb/EC9zhUldGdJ9nXy/BaUt

mECsgdXDiO/BPPFrvOB+oOK8LQJ7qZaro6qxGyiPG0WLPOId2XPN+i4MAgsSTg00

y7MzIbU6wmebKiCzcZcg9as=

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Authentication-Results: sourceware.org; auth=none

X-Virus-Found: No

X-Spam-SWARE-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=ham version=3.3.2 spammy=Hx-languages-length:569, H*F:D*nl, userid

X-HELO: lb2-smtp-cloud2.xs4all.net

MIME-Version: 1.0

Date: Mon, 29 May 2017 07:23:09 +0200

From: Houder <houder AT xs4all DOT nl>

To: cygwin AT cygwin DOT com

Subject: openssh: privilege separation no longer supported on Cygwin?

Message-ID: <d436698bbd53eef3cbdda788d4926109@xs4all.nl>

X-Sender: houder AT xs4all DOT nl

User-Agent: XS4ALL Webmail

X-IsSubscribed: yes

Hi,

Privilege separation in sshd defaults to "sandbox" (as far as
I understand, "openssh" has implemented a new mechanism).

... now I remember Corinna writing, that 'sandbox will not be
an option for Cygwin' ... or words to that effect.

Does this mean, that under Cygwin, privilege separation is no
longer possible?

... because, that is, I think, what I am seeing:

  - the userid of child sshd is still 'cyg_server' ...
  - and I get an elevated shell when I login ...

Not what I expected ...

Gr. Henri

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:content-type
	:content-transfer-encoding:date:from:to:subject:message-id; q=
	dns; s=default; b=mYeENu5OEKlzHOGa8K1XLqwDzoOlkdeDBlI8GiNCJokbjj
	O35tgMkqRnvFny06LXjZolLatxz/npDmOGJhAvNh3PmHRd1LO1xf6WFbDSGR7OIn
	Ju6O9NTuCrEehb2xXXjJy/VKbpwaNaqz86reMvlIzI0dEP5V0Aygn5KqlTaRk=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:content-type
	:content-transfer-encoding:date:from:to:subject:message-id; s=
	default; bh=fRMT+HBGlNfi5DAyCXCOK7fE/sA=; b=XIgFcrKk0ZRf1zoZ+iSU
	s+p3skZ19OFQ+T9+kBxZRSu6wlAyX5+KGFTwsDlsLlb/EC9zhUldGdJ9nXy/BaUt
	mECsgdXDiO/BPPFrvOB+oOK8LQJ7qZaro6qxGyiPG0WLPOId2XPN+i4MAgsSTg00
	y7MzIbU6wmebKiCzcZcg9as=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Virus-Found:	No
X-Spam-SWARE-Status:	No, score=-2.5 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=ham version=3.3.2 spammy=Hx-languages-length:569, HF:Dnl, userid
X-HELO:	lb2-smtp-cloud2.xs4all.net
MIME-Version:	1.0
Date:	Mon, 29 May 2017 07:23:09 +0200
From:	Houder <houder AT xs4all DOT nl>
To:	cygwin AT cygwin DOT com
Subject:	openssh: privilege separation no longer supported on Cygwin?
Message-ID:	<d436698bbd53eef3cbdda788d4926109@xs4all.nl>
X-Sender:	houder AT xs4all DOT nl
User-Agent:	XS4ALL Webmail
X-IsSubscribed:	yes