X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:content-type
	:content-transfer-encoding:date:from:to:subject:message-id; q=
	dns; s=default; b=mYeENu5OEKlzHOGa8K1XLqwDzoOlkdeDBlI8GiNCJokbjj
	O35tgMkqRnvFny06LXjZolLatxz/npDmOGJhAvNh3PmHRd1LO1xf6WFbDSGR7OIn
	Ju6O9NTuCrEehb2xXXjJy/VKbpwaNaqz86reMvlIzI0dEP5V0Aygn5KqlTaRk=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:content-type
	:content-transfer-encoding:date:from:to:subject:message-id; s=
	default; bh=fRMT+HBGlNfi5DAyCXCOK7fE/sA=; b=XIgFcrKk0ZRf1zoZ+iSU
	s+p3skZ19OFQ+T9+kBxZRSu6wlAyX5+KGFTwsDlsLlb/EC9zhUldGdJ9nXy/BaUt
	mECsgdXDiO/BPPFrvOB+oOK8LQJ7qZaro6qxGyiPG0WLPOId2XPN+i4MAgsSTg00
	y7MzIbU6wmebKiCzcZcg9as=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=ham version=3.3.2 spammy=Hx-languages-length:569, H*F:D*nl, userid
X-HELO: lb2-smtp-cloud2.xs4all.net
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
Content-Transfer-Encoding: 7bit
Date: Mon, 29 May 2017 07:23:09 +0200
From: Houder <houder AT xs4all DOT nl>
To: cygwin AT cygwin DOT com
Subject: openssh: privilege separation no longer supported on Cygwin?
Message-ID: <d436698bbd53eef3cbdda788d4926109@xs4all.nl>
X-Sender: houder AT xs4all DOT nl
User-Agent: XS4ALL Webmail
X-IsSubscribed: yes

Hi,

Privilege separation in sshd defaults to "sandbox" (as far as
I understand, "openssh" has implemented a new mechanism).

... now I remember Corinna writing, that 'sandbox will not be
an option for Cygwin' ... or words to that effect.

Does this mean, that under Cygwin, privilege separation is no
longer possible?

... because, that is, I think, what I am seeing:

  - the userid of child sshd is still 'cyg_server' ...
  - and I get an elevated shell when I login ...

Not what I expected ...

Gr. Henri

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple