X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=Jpitl2bvT53tOIoqzGeqkZCBHH/qkQcx928r0v3hkqJ4STnsVu0qn
	aitplT3dDWtQ2Ga4881bR7EPgwV92GHvUlrH61l/XM0cKWrGY6qSIaQ77unmOXjS
	6873R0vpNPkzslKvwe6gn968O2h7qXs+b/CQpyIOjaQpQC4Calh1x4=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; s=default;
	bh=cpyKOpFILtn28Ar3EDsriShxccA=; b=lMb6iOUb/09f2jPZUTTIK7rtOOTw
	N4atazpUJBZf9AF+/qGm32Ie3VnY/n2WHsnlZcuiHsbpzObJo1WQ2otlECgzOPqY
	BsU1k95voDIIKV/caxfRvOF7fL54/w9nX1wFJKNh0fjFJrEmIBHyAWrVF96QluRm
	4IUFOJFSfnNDask=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Spam-SWARE-Status:	No, score=-100.9 required=5.0 tests=BAYES_00,GOOD_FROM_CORINNA_CYGWIN,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.2 spammy=H*F:D*cygwin.com
X-HELO:	mout.kundenserver.de
Date:	Wed, 6 Mar 2019 17:15:04 +0100
From:	Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To:	cygwin AT cygwin DOT com
Subject:	Re: Logging-in using ssh elevates the user privilege.
Message-ID:	<20190306161504.GZ3785@calimero.vinschen.de>
Reply-To:	cygwin AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
References:	<20190307010000 DOT fc28b73739c2dd66e609982b AT nifty DOT ne DOT jp>
MIME-Version:	1.0
In-Reply-To:	<20190307010000.fc28b73739c2dd66e609982b@nifty.ne.jp>
User-Agent:	Mutt/1.11.3 (2019-02-01)

--1Dvf9Qz7hFaodvwE
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mar  7 01:00, Takashi Yano wrote:
> Hello,
>=20
> I would like to report a problem of recent cygwin.
>=20
> If a user logs in via ssh, the user aqcuires the elevated
> privilege if the user belongs to Administrators group.

This is by design, and this is no new behaviour.  As soon as an admin
account logs in, seteuid uses the elevated token.  Cygwin is doing that
since 2015.

After all, from an ssh session there would be *no* chance to run
administrative tasks if the user would only get a non-elevated token.
There's no way to switch to the elevated token from an ssh session.


Corinna

--=20
Corinna Vinschen
Cygwin Maintainer

--1Dvf9Qz7hFaodvwE
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEoVYPmneWZnwT6kwF9TYGna5ET6AFAlx/8ggACgkQ9TYGna5E
T6Ay+g//ZCAdV/cH9gBjOsu6U+lHrYO2uTRIj1xTGsnLj77xtYYW9xRIqIQz6aj3
LAhtOI/e2OsirZu/pzBLkBQn1ATdxOj7yyk6Xf1Yt8VSoQkeKrCfyyHxDni4GOPm
sM5hZtP3cWgEgMIq2Q1joOSiwQGzBWWsNsdZszuIG816PnJT3nAFMSpJFyGjAXaK
p8Mvaol8d8I7Hrj1LOAVxAq7jDyAk5EpMRSabcIYRq/G+2F+TLMF2XIeGkRSb/aq
+bW32rWAyjbiO8WpEcS3c61T4JWv/5pHjc0Kp62lKUzXuSDsZ4osxTnu3iyzbHry
4swcTJgzxSIwKTTHivYlupq/GDewk7xV4i/CTMFAkWZ7StQ9FG7HL39uGr58a3aI
AUZygqIhz/pfb4l/ajzjeReVXasgnGQxU5YnvPNvIDATm82kKhxodQSMS618nmyQ
m7FoQETtgtu5jMpB3zAQrphHnn8t0ZNIGW0qujhIi5ecyp1nJbHj7bv8NStQH41J
5jhF8UTyQ6TPZzLT2KqmeCmD/T1QYiSCZUroGRQqPFeGA/BKCheXkl1L72eFo04J
jZAylWeffNk3qdjc0aEa/IzS+XMWjTVIFno4IG7kUulun+0H9TlkMR0tD8cA9bTA
vFIiwO1T1IDPb3RxgNxC22XtzI/q1gf67ai5IrWB2gRMet7WtX4=
=o+kt
-----END PGP SIGNATURE-----

--1Dvf9Qz7hFaodvwE--

- Raw text -