X-Recipient:	archive-cygwin AT delorie DOT com
DKIM-Filter:	OpenDKIM Filter v2.11.0 sourceware.org B25DB3858284
DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
	s=default; t=1691458894;
	bh=0eonfrDCkcaAgfRd6CIMKGdXNA/tC863Do9Pkk0u6Mw=;
	h=Date:Subject:To:References:In-Reply-To:List-Id:List-Unsubscribe:
	List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:
	From;
	b=d+9tmqykU/5T3pVQ04EO9mkj4dKHZUUnxTydvoJ/UfIirs4w5H5gH8rPkh9dPLRM8
	bavaD+c6ufrRNNy2FIsZti+zteHTlZYzWr9Spno19lod6VyWy8iC1d2LswHgijOH1L
	Y/Urz6YXBgvcYXBiGGqY4HxrJbTbUrH3iUv9qat4=
X-Original-To:	cygwin AT cygwin DOT com
Delivered-To:	cygwin AT cygwin DOT com
DMARC-Filter:	OpenDMARC Filter v1.4.2 sourceware.org 16F843858C41
X-Virus-Scanned:	Debian amavisd-new at smtp02.aussiebb.com.au
X-Spam-Checker-Version:	SpamAssassin 3.4.6 (2021-04-09) on
	server2.sourceware.org
X-Spam-Level:
X-Spam-Status:	No, score=-2.4 required=5.0 tests=BAYES_00, KAM_DMARC_STATUS,
	NICE_REPLY_A, SPF_HELO_NONE, SPF_SOFTFAIL, TXREP,
	URI_DOTEDU autolearn=no autolearn_force=no version=3.4.6
Message-ID:	<91ad2c64-153b-1692-e100-8adcba0bf828@aussiebb.com.au>
Date:	Tue, 8 Aug 2023 11:40:55 +1000
MIME-Version:	1.0
User-Agent:	Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101
	Thunderbird/102.13.0
Subject:	Re: sshd_config AllowStreamLocalForwarding *remote not possible* /
	effectively privsep off
To:	cygwin AT cygwin DOT com
References:	<883e0ae2-1ac7-1474-ba06-10d9de441390 AT aussiebb DOT com DOT au>
	<ZNEslrRdAQxRtVBD AT calimero DOT vinschen DOT de>
	<db4eb850-bb65-dc66-eeb4-00ff49cb6777 AT aussiebb DOT com DOT au>
In-Reply-To:	<db4eb850-bb65-dc66-eeb4-00ff49cb6777@aussiebb.com.au>
X-BeenThere:	cygwin AT cygwin DOT com
X-Mailman-Version:	2.1.29
List-Id:	General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Archive:	<https://cygwin.com/pipermail/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe:	<https://cygwin.com/mailman/listinfo/cygwin>,
	<mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
From:	Shaddy Baddah via Cygwin <cygwin AT cygwin DOT com>
Reply-To:	Shaddy Baddah <lithium-cygwin AT shaddybaddah DOT name>
Sender:	"Cygwin" <cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com>

Hi,

I've just updated the subject line for accuracy. Only remote/reverse
unix socket forwarding fails.

Further, I have a clarification that might have significance:

On 8/08/2023 3:40 am, Corinna Vinschen via Cygwin wrote:
 > On Aug  7 22:11, Shaddy Baddah via Cygwin wrote:
..
 >
 >> DISABLE_FD_PASS is always set by autoconf for Cygwin. And my reading is
 >> that not having that capability effectively means whatever the other
 >> criteria, the executing process doesn't have sufficient "separation" of
 >> privilege to be treated in the same manner.

Perhaps contrary to expectation, with the more conventional
remote/reverse TCP port forwarding, with Cygwin sshd, the LISTEN port
exists in the, is it called the monitor
(http://www.citi.umich.edu/u/provos/ssh/priv.jpg)/intermediatary sshd
process.

So something like:

|>~C
|ssh> -R 12345:22

will result in a (confirmed by netstat) LISTEN port in the SYSTEM owned
sshd process, which is the parent of the non-privileged owned sshd
process.

I'm not suggesting that this is not a considered situation, because to
my knowledge, it's a much different situation allowing an ssh user to
manipulate the filesystem (for unix sockets), as SYSTEM. Than using
netsocks as SYSTEM to try and bind TCP ports... I think???

But it certainly aligns with my newfound understanding of Cygwin's
"trade-off" form of privilege separation.

-- 
Regards,
Shaddy


-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple

- Raw text -