DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:reply-to:from:to:references:in-reply-to
	:subject:date:message-id:mime-version:content-type
	:content-transfer-encoding; q=dns; s=default; b=oi3rMpcooSWDAf6j
	ZEBn0m963rR0ukz9D481EgRskGIZn1Z6K91yWvXZYcJAZ8pJfgKJ/i/NlLQU+ggW
	plYNAdEfIy7QID98hUrxfewJS8J2nJgVRYsxxdi+jHURfMMv3f7nBpmcDRUHcHZ/
	2AA2LVuk9fl+di/tHeqkw5s5y0Y=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Reply-To: <cygwin AT cygwin DOT com>
From: "David Willis" <david_willis AT comcast DOT net>
To: <cygwin AT cygwin DOT com>
References:
In-Reply-To:
Subject: RE: Possible Security Hole in SSHD w/ CYGWIN?
Date: Tue, 9 Feb 2016 07:56:15 -0800
Message-ID: <018801d16352$68a6b940$39f42bc0$@comcast.net>
MIME-Version: 1.0
Content-Type: text/plain;	charset="us-ascii"
Content-Transfer-Encoding: 7bit

Sorry for starting a new thread w/ the reply, forgot to subscribe before
posting my question yesterday...

Thanks for getting back so quickly

Yes, I have read that page pretty much from top to bottom, and as far as I
know I have configured sshd and the user accounts correctly. I have a
non-privileged, disabled account named "sshd", as well as a privileged
account called "cyg_server". Privilege separation seems to be working fine -
i.e. when the request for a connection comes in the process is running as
"sshd", then it spawns a privileged process running as "cyg_server" once the
user is authenticated.

However no I am not logging in with a password; I have setup public key
authentication.

And the user I'm being connected as (as seen from the file share server) is
not the "sshd" user account, it is the privileged "cyg_server" user account.
Although that account has no rights to logon interactively or thru Terminal
Services, it is a privileged account on the file server (because the file
server is also running CYGWIN and thus must allow privileged rights to that
account as well). I should clarify that in my case, cyg_server is a domain
account (not a local account).

And the way I can verify, is that I have a folder on that share that the
user I am authenicating as does not have rights do view, but cyg_server does
(because Administrators on that server do), and when I connect as my user
via SSHD to any one of my other machines on the domain running CYGWIN, I can
then navigate to and read the contents of that file share when I shouldn't
be able to. If I try to do the same thing, from the same account, but on my
machine locally without connecting to any other CYGWIN SSH server, I get a
"Permission denied", which is what I would expect.

Thank you for your help on this.

David

----------------------------------------------------------------------------
--------------------------

Did you read https://cygwin.com/cygwin-ug-net/ntsec.html, configured sshd
and the user accounts correctly and are logging in with a password using
either of the methods described?

FWIW, I'm seeing the connected user as the one that I logged into via ssh. 
In fact the sshd user account doesn't have any network access rights anyway,
so I couldn't connect to any network share if that acount would be used.


Regards,
Achim.


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple