X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:date:from:to:subject:message-id:reply-to :references:mime-version:content-type:in-reply-to; q=dns; s= default; b=ZPZH6t5+mipLyQU9GMHgbCgQOR8mvDoVn32ZEv63vVgF8YS6kC6if a0rNLRK1SkjxB10PpErG4B2y8rKtOyxONmEeOr5PH/CBxB15EWKUvs8XmyGKJdrz 9cHQ0C2BCif1dgOcm8tpBYZ0PRerYOShZoXnW50TSMzbXXJI3b4Zpk= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:date:from:to:subject:message-id:reply-to :references:mime-version:content-type:in-reply-to; s=default; bh=GhNRBa5PvAswB7d5HUsIQhEI5ZM=; b=V4tK5aR7gWF3aVxCM/TQ3J5dvjpb M8mi6xqEvpdl+JsbUoWNOFlxA8Gq5n/CtNUrtOZltlzhGVCdWoD9mCCf6P7DRTr7 PSrNQPpxUDOgZb61SiHOE88eouTpOJVmGS3otjJ4mTg5VuPSXhyRUTT88sUAN6JX lpc3kMWvHstIAZI= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-100.9 required=5.0 tests=BAYES_00,GOOD_FROM_CORINNA_CYGWIN,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.2 spammy=Hx-languages-length:771, H*F:D*cygwin.com X-HELO: mout.kundenserver.de Date: Wed, 6 Mar 2019 17:17:31 +0100 From: Corinna Vinschen To: cygwin AT cygwin DOT com Subject: Re: Logging-in using ssh elevates the user privilege. Message-ID: <20190306161731.GA3785@calimero.vinschen.de> Reply-To: cygwin AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com References: <20190307010000 DOT fc28b73739c2dd66e609982b AT nifty DOT ne DOT jp> <20190306161504 DOT GZ3785 AT calimero DOT vinschen DOT de> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="EyuBRJR0MsVMWKTf" Content-Disposition: inline In-Reply-To: <20190306161504.GZ3785@calimero.vinschen.de> User-Agent: Mutt/1.11.3 (2019-02-01) --EyuBRJR0MsVMWKTf Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mar 6 17:15, Corinna Vinschen wrote: > On Mar 7 01:00, Takashi Yano wrote: > > Hello, > >=20 > > I would like to report a problem of recent cygwin. > >=20 > > If a user logs in via ssh, the user aqcuires the elevated > > privilege if the user belongs to Administrators group. >=20 > This is by design, and this is no new behaviour. As soon as an admin > account logs in, seteuid uses the elevated token. Cygwin is doing that > since 2015. Actually, since 2010. >=20 > After all, from an ssh session there would be *no* chance to run > administrative tasks if the user would only get a non-elevated token. > There's no way to switch to the elevated token from an ssh session. Corinna --=20 Corinna Vinschen Cygwin Maintainer --EyuBRJR0MsVMWKTf Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEoVYPmneWZnwT6kwF9TYGna5ET6AFAlx/8psACgkQ9TYGna5E T6BEQhAAlHrJrWIkBIyx/9Uj4sXFNYav02pigL7HVORavdBVkT3oY6/ZufxIZwab DP2+xFViXl3JuKjEvSegRT4mLpJp7gjfw5QNZ6+aGIobxJ3WHQCvVxVi6Rqmx42s K7ofyl3V2S/jDnddNDpK90Zq2Gt58vVA2Hd8KIcv5gznIRijUpenTvWG9Q0w6lWt ByZ3GyRXhV1V8OAVwSIT4hlxiIlGDNXYnvcQIawAItFn9wZSTrszoYo8v7bpYQLL IMJT2o7fHKuHjyA5rbKLC1C43cq3+Nr9+3jXqyHXM/a61m/VObyMJ5vZUFU/rtVx y7MJbdg34HiUIuuDaN+nHZByLbySSTUQIDDMFr/lUpMoumrzt/pm79xZcw1Njryb 7xZ4KuWxvom3KBC/MvQXpB/D4sHtoJU5k88iAaMbKHIWQCcHcygdPuRWBtxAB46V zUup8Y5a8juUhGd2V6k1kgJiv87Pv7Y3Jen+36pK0YePYScNNYtSW43V/dxrViG2 dF1BYZiQhN2DbmsnrQBnJKrIVB7VtI8c4ltaVN+Wvk3sIfVeq9CgalH4cXXGLFY9 MDuSpSK+mCJB9WAnNg1CNoh2qOdRYr2W4uAvlW+udwb7zxBszW2i06PphsV5nvqA 1u365Hh5sJDpCo5I4z19Kw4sHTyChjK90FUKnsCsk+JeJVA2Ml4= =qPWV -----END PGP SIGNATURE----- --EyuBRJR0MsVMWKTf--