X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=YqYMc7If7VvAJY7YOCoqewKdUHdzQ4A4RqXJW+lCIt/B8rT6qWYjU
	PWjGu+A6oFkn9S3UcOpWtRj6I93Z/T1hOS2Ibs0VLesYYojF8TT+uhtNoG/ctjx/
	H9TwNzp8dfsifOV9j324BbxhZu8cBR0Z+73pjKmSwqjVpWshimVivE=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; s=default;
	 bh=iixmng/gQyd8VIgDD8fkXhK11Rc=; b=TKMnMI5EPX0my5d1Aibh6hHQQeY4
	DJEPGbaWSSqcxriSDKoJ+nriJn494/SLkoYroh1m7loBuN/kgBU3xhz52O7Hx0sj
	fJisl8bqC4npsc8clQjbNqtQiqWoAmj95Vw662y8VGKo4UBex2S4bQ10PSAQNYcP
	G34zONpGkkXqVnU=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-95.2 required=5.0 tests=BAYES_05,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_PBL,RDNS_DYNAMIC,USER_IN_WHITELIST autolearn=no version=3.3.2 spammy=Hx-languages-length:975, H*f:sk:Q4EE4-L, H*MI:sk:Q4EE4-L, H*i:sk:Q4EE4-L
X-HELO: calimero.vinschen.de
Date: Mon, 15 Feb 2016 13:11:01 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: Possible Security Hole in SSHD w/ CYGWIN?
Message-ID: <20160215121101.GC7085@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <019c01d163bc$fe2fc500$fa8f4f00$@comcast.net> <CANnLRdhVrFcveO_jKb3_x=44WMJNO33DPnsJZ12Wus3U7Wo_fQ AT mail DOT gmail DOT com> <019e01d163c2$d678c7e0$836a57a0$@comcast.net> <023901d165e4$925507d0$b6ff1770$@comcast.net> <87d1s1c8ld DOT fsf AT Rainer DOT invalid> <CACoZoo3R4CDcgTMMex9QZ=Wh9a8CDvyUHpqj5+Br5xYFvGHvuQ AT mail DOT gmail DOT com> <87a8n38t3r DOT fsf AT Rainer DOT invalid> <CACoZoo3831x0PVOQ9j6zh+Q4EE4-LFNV7KQsgeyooPJmvM7qVA AT mail DOT gmail DOT com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;	protocol="application/pgp-signature"; boundary="eRtJSFbw+EEWtPj3"
Content-Disposition: inline
In-Reply-To: <CACoZoo3831x0PVOQ9j6zh+Q4EE4-LFNV7KQsgeyooPJmvM7qVA@mail.gmail.com>
User-Agent: Mutt/1.5.24 (2015-08-30)

--eRtJSFbw+EEWtPj3
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Feb 14 13:36, Erik Soderquist wrote:
> I think the key point is that if no network password is stored using
> the "passwd -R" option, then there should be absolutely no network
> access at all in the current code/design, not a fall through to the
> cyg_server account's network access, regardless of how much or little
> network access that account has.

The problem is this:

I'm not aware of any explicit OS call which allows the process calling
CreateProcessAsUser to drop network credentials of the *caller* in the
child process running under another user token.

In fact, I'm not even aware of any call which allows to drop network
credentials even for the calling process, and that would be the wrong
thing to do anyway.

This is a clear cut case of "I need help" and "Patches gratefully
accepted".


Corinna

--=20
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--eRtJSFbw+EEWtPj3
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWwcBVAAoJEPU2Bp2uRE+gJswP/0D3HBil8zCIN05Iw4gYynq+
tu8rQQbND/W6flsL9nnjcmBxbLcA4evvE2qWEiH10Dj5OYOq6isDdziKMXpGOJQ4
MUXj2UH9ESNVmLUGaK8In62SUTH3s9e7gAtG4WAOo5xALNmba0kE2ZC4mI3mvG0E
7BYeOfJg6BfsRP0hIe/iFoyrLrHDETGK8n5h+y23V9kBGb/vfRQBLHj+Hts9K9gQ
+TKpKkSli9ZvvoV2zlpmeAN018LIHBktUrVTrJefpTuRCkTP8Ad0Nvynbk5u3h0d
klqDqyofLR7U/riNOtohq4zU5DcADsNj9caaqP6WcJ1jJ00Su4F2H5J7QpQqqp4a
+Bg9/iPCe3oM+XhMNK+0UAZguzrXlpWIFuG0DmTRgKDTD+RD5B5b1Nc8kikQ10+s
N6KLC+eIOWgxqOBILIpsZeypMTftTmd6ckD5vzdBKesbZ6DxI1N9YJCAhxvypY/D
ZxAPbMMUKK57frXF19w1HSu9AWqi/VgqkafKaI2rAxBBX6tN0tc62ZvQLp8aGFCX
1M/nGfPFipDbYebBc/Gs8wsYd9qhGVZ1Ks7Nn2AGZVMlJr6d6bAymYsg9ecM8uoV
dhBDYd7TMIKI+sJtkCuUc2ffAicPVtqV202KAqGil5gQmEXc5M4qBh+bVVY6vgk7
GJhx+5VYSS1naLgswhHi
=wYXc
-----END PGP SIGNATURE-----

--eRtJSFbw+EEWtPj3--