X-Recipient: archive-cygwin@delorie.com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:content-type
	:content-transfer-encoding:date:from:to:subject:message-id; q=
	dns; s=default; b=mYeENu5OEKlzHOGa8K1XLqwDzoOlkdeDBlI8GiNCJokbjj
	O35tgMkqRnvFny06LXjZolLatxz/npDmOGJhAvNh3PmHRd1LO1xf6WFbDSGR7OIn
	Ju6O9NTuCrEehb2xXXjJy/VKbpwaNaqz86reMvlIzI0dEP5V0Aygn5KqlTaRk=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:content-type
	:content-transfer-encoding:date:from:to:subject:message-id; s=
	default; bh=fRMT+HBGlNfi5DAyCXCOK7fE/sA=; b=XIgFcrKk0ZRf1zoZ+iSU
	s+p3skZ19OFQ+T9+kBxZRSu6wlAyX5+KGFTwsDlsLlb/EC9zhUldGdJ9nXy/BaUt
	mECsgdXDiO/BPPFrvOB+oOK8LQJ7qZaro6qxGyiPG0WLPOId2XPN+i4MAgsSTg00
	y7MzIbU6wmebKiCzcZcg9as=
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=ham version=3.3.2 spammy=Hx-languages-length:569, H*F:D*nl, userid
X-HELO: lb2-smtp-cloud2.xs4all.net
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
Content-Transfer-Encoding: 7bit
Date: Mon, 29 May 2017 07:23:09 +0200
From: Houder <houder@xs4all.nl>
To: cygwin@cygwin.com
Subject: openssh: privilege separation no longer supported on Cygwin?
Message-ID: <d436698bbd53eef3cbdda788d4926109@xs4all.nl>
X-Sender: houder@xs4all.nl
User-Agent: XS4ALL Webmail
X-IsSubscribed: yes

Hi,

Privilege separation in sshd defaults to "sandbox" (as far as
I understand, "openssh" has implemented a new mechanism).

... now I remember Corinna writing, that 'sandbox will not be
an option for Cygwin' ... or words to that effect.

Does this mean, that under Cygwin, privilege separation is no
longer possible?

... because, that is, I think, what I am seeing:

  - the userid of child sshd is still 'cyg_server' ...
  - and I get an elevated shell when I login ...

Not what I expected ...

Gr. Henri

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple