X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:date:from:to:subject:message-id:reply-to :references:mime-version:content-type:in-reply-to; q=dns; s= default; b=Jpitl2bvT53tOIoqzGeqkZCBHH/qkQcx928r0v3hkqJ4STnsVu0qn aitplT3dDWtQ2Ga4881bR7EPgwV92GHvUlrH61l/XM0cKWrGY6qSIaQ77unmOXjS 6873R0vpNPkzslKvwe6gn968O2h7qXs+b/CQpyIOjaQpQC4Calh1x4= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:date:from:to:subject:message-id:reply-to :references:mime-version:content-type:in-reply-to; s=default; bh=cpyKOpFILtn28Ar3EDsriShxccA=; b=lMb6iOUb/09f2jPZUTTIK7rtOOTw N4atazpUJBZf9AF+/qGm32Ie3VnY/n2WHsnlZcuiHsbpzObJo1WQ2otlECgzOPqY BsU1k95voDIIKV/caxfRvOF7fL54/w9nX1wFJKNh0fjFJrEmIBHyAWrVF96QluRm 4IUFOJFSfnNDask= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-100.9 required=5.0 tests=BAYES_00,GOOD_FROM_CORINNA_CYGWIN,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.2 spammy=H*F:D*cygwin.com X-HELO: mout.kundenserver.de Date: Wed, 6 Mar 2019 17:15:04 +0100 From: Corinna Vinschen To: cygwin AT cygwin DOT com Subject: Re: Logging-in using ssh elevates the user privilege. Message-ID: <20190306161504.GZ3785@calimero.vinschen.de> Reply-To: cygwin AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com References: <20190307010000 DOT fc28b73739c2dd66e609982b AT nifty DOT ne DOT jp> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="1Dvf9Qz7hFaodvwE" Content-Disposition: inline In-Reply-To: <20190307010000.fc28b73739c2dd66e609982b@nifty.ne.jp> User-Agent: Mutt/1.11.3 (2019-02-01) --1Dvf9Qz7hFaodvwE Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mar 7 01:00, Takashi Yano wrote: > Hello, >=20 > I would like to report a problem of recent cygwin. >=20 > If a user logs in via ssh, the user aqcuires the elevated > privilege if the user belongs to Administrators group. This is by design, and this is no new behaviour. As soon as an admin account logs in, seteuid uses the elevated token. Cygwin is doing that since 2015. After all, from an ssh session there would be *no* chance to run administrative tasks if the user would only get a non-elevated token. There's no way to switch to the elevated token from an ssh session. Corinna --=20 Corinna Vinschen Cygwin Maintainer --1Dvf9Qz7hFaodvwE Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEoVYPmneWZnwT6kwF9TYGna5ET6AFAlx/8ggACgkQ9TYGna5E T6Ay+g//ZCAdV/cH9gBjOsu6U+lHrYO2uTRIj1xTGsnLj77xtYYW9xRIqIQz6aj3 LAhtOI/e2OsirZu/pzBLkBQn1ATdxOj7yyk6Xf1Yt8VSoQkeKrCfyyHxDni4GOPm sM5hZtP3cWgEgMIq2Q1joOSiwQGzBWWsNsdZszuIG816PnJT3nAFMSpJFyGjAXaK p8Mvaol8d8I7Hrj1LOAVxAq7jDyAk5EpMRSabcIYRq/G+2F+TLMF2XIeGkRSb/aq +bW32rWAyjbiO8WpEcS3c61T4JWv/5pHjc0Kp62lKUzXuSDsZ4osxTnu3iyzbHry 4swcTJgzxSIwKTTHivYlupq/GDewk7xV4i/CTMFAkWZ7StQ9FG7HL39uGr58a3aI AUZygqIhz/pfb4l/ajzjeReVXasgnGQxU5YnvPNvIDATm82kKhxodQSMS618nmyQ m7FoQETtgtu5jMpB3zAQrphHnn8t0ZNIGW0qujhIi5ecyp1nJbHj7bv8NStQH41J 5jhF8UTyQ6TPZzLT2KqmeCmD/T1QYiSCZUroGRQqPFeGA/BKCheXkl1L72eFo04J jZAylWeffNk3qdjc0aEa/IzS+XMWjTVIFno4IG7kUulun+0H9TlkMR0tD8cA9bTA vFIiwO1T1IDPb3RxgNxC22XtzI/q1gf67ai5IrWB2gRMet7WtX4= =o+kt -----END PGP SIGNATURE----- --1Dvf9Qz7hFaodvwE--