X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:mime-version:content-type :content-transfer-encoding:date:from:to:subject:message-id; q= dns; s=default; b=mYeENu5OEKlzHOGa8K1XLqwDzoOlkdeDBlI8GiNCJokbjj O35tgMkqRnvFny06LXjZolLatxz/npDmOGJhAvNh3PmHRd1LO1xf6WFbDSGR7OIn Ju6O9NTuCrEehb2xXXjJy/VKbpwaNaqz86reMvlIzI0dEP5V0Aygn5KqlTaRk= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:mime-version:content-type :content-transfer-encoding:date:from:to:subject:message-id; s= default; bh=fRMT+HBGlNfi5DAyCXCOK7fE/sA=; b=XIgFcrKk0ZRf1zoZ+iSU s+p3skZ19OFQ+T9+kBxZRSu6wlAyX5+KGFTwsDlsLlb/EC9zhUldGdJ9nXy/BaUt mECsgdXDiO/BPPFrvOB+oOK8LQJ7qZaro6qxGyiPG0WLPOId2XPN+i4MAgsSTg00 y7MzIbU6wmebKiCzcZcg9as= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=ham version=3.3.2 spammy=Hx-languages-length:569, H*F:D*nl, userid X-HELO: lb2-smtp-cloud2.xs4all.net MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Date: Mon, 29 May 2017 07:23:09 +0200 From: Houder To: cygwin AT cygwin DOT com Subject: openssh: privilege separation no longer supported on Cygwin? Message-ID: X-Sender: houder AT xs4all DOT nl User-Agent: XS4ALL Webmail X-IsSubscribed: yes Hi, Privilege separation in sshd defaults to "sandbox" (as far as I understand, "openssh" has implemented a new mechanism). ... now I remember Corinna writing, that 'sandbox will not be an option for Cygwin' ... or words to that effect. Does this mean, that under Cygwin, privilege separation is no longer possible? ... because, that is, I think, what I am seeing: - the userid of child sshd is still 'cyg_server' ... - and I get an elevated shell when I login ... Not what I expected ... Gr. Henri -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple