X-Recipient: archive-cygwin@delorie.com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:mime-version:in-reply-to:references:date :message-id:subject:from:to:content-type; q=dns; s=default; b=FB tID6PxnZ506hbqSrfA4MGLiVJFihZ8/Q7RTv3nE48130AU3tBoCgvtWGqdsQTjHk cTXAj3zRDXd8bp83lBXzod8z6QBLwRggHIx3HF96iwLoz9YYNAkHJqg/JYsBxGJ1 9YYU3TtJcovy6UgHxb/VIc0lTxeerUD+FXHtlqbP4= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:mime-version:in-reply-to:references:date :message-id:subject:from:to:content-type; s=default; bh=oB0fpv4E OYh+YY37RiyFBOjSTyg=; b=eYL+iHoOWaYXwnpff4V3C3SbI8+widW9cRnAjvdQ QWMXlJkHG08kl4Br6rnNb4QcLq/x5F7naQwRO1DuENTPuo1kMrljILIdFxXTeAcO X3D5JN0JSf7NP5SGzjySILK1H+Ur37z99MdqadEysRhcHUH9BpI019v7cGu4nllH cl0= Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Delivered-To: mailing list cygwin@cygwin.com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=0.1 required=5.0 tests=BAYES_50,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=ham version=3.3.2 spammy=Willis, D*comcast.net, willis, david_willis@comcast.net X-HELO: mail-ig0-f175.google.com X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:content-type; bh=9lJ5Q9DZSr9RhRt9NhMzUgvfosz52z2VzhKZf8TV2Ag=; b=b9NgQxPGVW4iQW9kTqJ1oBo+gPQH6QIRlkYossJctbfnNlbHtEyhpHuQ0Cy8l5UCJc rltNDhhTPkkD3ON/tn1wUlkIcAb41NgMBCnFlSaoSq31GPf4FsJKqDaJODa/tho3+vMH HkMToLiZ46i2Vo92R2qIb/Z7whmZ+fLOfIJlNgUb9HpVyIODoFp2y1ek1ur7avMngly0 sfRM2hmVGwnNFcM74v3IdVvJJQNJrWfng6czGCMU1+Nn2/xS9YDA5Sp5K/C+0C4hEBYr MSBStyQtU4MHCK5MOs7ZToY2a6L0lv8o11ZT8GrK10akCMIoTdOZjS7qKg3pxirf9sAX SOOw== X-Gm-Message-State: AG10YORmlEEOfy/LDrm+FzmjLRtRCJ5PPpDeWvTngxlax1v78NF9KldNTzlzTpYYNbfdNvwDoJUwV4XcFouNVg== MIME-Version: 1.0 X-Received: by 10.50.43.228 with SMTP id z4mr7771519igl.33.1455080239528; Tue, 09 Feb 2016 20:57:19 -0800 (PST) In-Reply-To: <019c01d163bc$fe2fc500$fa8f4f00$@comcast.net> References: <019c01d163bc$fe2fc500$fa8f4f00$@comcast.net> Date: Tue, 9 Feb 2016 21:57:19 -0700 Message-ID: Subject: Re: Possible Security Hole in SSHD w/ CYGWIN? From: Stephen John Smoogen To: cygwin@cygwin.com Content-Type: text/plain; charset=UTF-8 X-IsSubscribed: yes On 9 February 2016 at 21:39, David Willis wrote: > Just to add an update to this, it appears that processes run from the shell > while logged into the CYGWIN SSHD server are run as the correct user - i.e. > I run a ping or cat a file and pipe it to less, and check Task Manager on > the SSHD server, and those processes show as being run as the user I SSH'd > in as, the way it should be. > > So it looks like this bug is specifically when accessing files or directory > contents. I literally run a "ls -l" command from the local CYGWIN shell on > the SSHD server, against a file share that I have no access to, and get a > permission denied. I run the exact same command, SSH'd into that same box as > the same user against the same file share, and this time I can list the > directory contents. Same results with "cat"ing files in those directories. > What gives? > > Any help on this VERY much appreciated!!! > In general, you need to be able to cut and paste the errors you are seeing versus using words to describe them. There are several different things that what you are describing could look like so without that extra data it is hard to figure out how to duplicate what you might be seeing. -- Stephen J Smoogen. -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple