Subject: Re: sshd_config AllowStreamLocalForwarding *remote not possible* / effectively privsep off
From: Shaddy Baddah via Cygwin
To: cygwin AT cygwin DOT com
Date: Tue, 8 Aug 2023 11:40:55 +1000
Message-ID: <91ad2c64-153b-1692-e100-8adcba0bf828@aussiebb.com.au>

Hi,

I've just updated the subject line for accuracy. Only remote/reverse unix socket forwarding fails.

Further, I have a clarification that might have significance:

On 8/08/2023 3:40 am, Corinna Vinschen via Cygwin wrote:
> On Aug 7 22:11, Shaddy Baddah via Cygwin wrote:
..
>
>> DISABLE_FD_PASS is always set by autoconf for Cygwin. And my reading is
>> that not having that capability effectively means whatever the other
>> criteria, the executing process doesn't have sufficient "separation" of
>> privilege to be treated in the same manner.

Perhaps contrary to expectation, with the more conventional remote/reverse TCP port forwarding, with Cygwin sshd, the LISTEN port exists in the (is it called the monitor? http://www.citi.umich.edu/u/provos/ssh/priv.jpg) / intermediary sshd process. So something like:

    >~C
    ssh> -R 12345:22

will result in a (confirmed by netstat) LISTEN port in the SYSTEM owned sshd process, which is the parent of the non-privileged owned sshd process.

I'm not suggesting that this is not a considered situation, because to my knowledge, it's a much different situation allowing an ssh user to manipulate the filesystem (for unix sockets) as SYSTEM, than using netsocks as SYSTEM to try and bind TCP ports... I think???

But it certainly aligns with my newfound understanding of Cygwin's "trade-off" form of privilege separation.

--
Regards,
Shaddy
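The netstat check described in the message, written up as a reusable script (an added example, not code from the thread or from Cygwin): it maps a reverse-forwarded LISTEN port to the owning Windows PID and then to that process's uid and parent, so an administrator can see which sshd process holds the listener. The `netstat -ano` and `ps -W` samples are constructed, and the example assumes Cygwin's uid 18 for SYSTEM and a hypothetical unprivileged uid 197609.

```shell
#!/bin/sh
# Given `netstat -ano` (Windows) output on stdin, print the PID(s) holding a
# LISTENING TCP socket on PORT; matches both 0.0.0.0:PORT and [::]:PORT.
listener_pid() {
    awk -v port="$1" '
        $1 == "TCP" && $4 == "LISTENING" {
            addr = $2
            sub(/.*:/, "", addr)                 # keep only the port part
            if (addr == port && !seen[$5]++) print $5
        }'
}

# Given Cygwin `ps -W` output on stdin, print "uid ppid" for the row whose
# WINPID is $1. ps -W may prefix rows with a one-letter status flag (I/S/O);
# it is dropped so columns are PID PPID PGID WINPID TTY UID STIME COMMAND.
pid_owner() {
    awk -v winpid="$1" '
        NR > 1 {
            if ($1 ~ /^[A-Z]$/) { $1 = ""; $0 = $0 }   # re-split without flag
            if ($4 == winpid) print $6, $2
        }'
}

# Live use on the Cygwin sshd host, after a client opened `-R PORT:...`:
#   check_listener 12345
check_listener() {
    for pid in $(netstat -ano | listener_pid "$1"); do
        ps -W | pid_owner "$pid" | while read -r uid ppid; do
            printf 'port %s: winpid %s uid %s ppid %s\n' "$1" "$pid" "$uid" "$ppid"
        done
    done
}

# Constructed sample output mirroring the thread: the -R 12345 listener sits in
# WINPID 1234, owned by SYSTEM (uid 18 in Cygwin), which is the parent of the
# unprivileged session sshd 5678 (uid 197609 is a made-up user uid).
SAMPLE_NETSTAT='  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING       1200
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING       1234
  TCP    [::]:12345             [::]:0                 LISTENING       1234
  TCP    127.0.0.1:49700        127.0.0.1:49701        ESTABLISHED     5678'
SAMPLE_PS='      PID    PPID    PGID     WINPID   TTY         UID    STIME COMMAND
     1200       1    1200       1200  ?            18 11:30:00 /usr/sbin/sshd
     1234    1200    1234       1234  ?            18 11:40:00 /usr/sbin/sshd
I    5678    1234    5678       5678  ?        197609 11:40:01 /usr/sbin/sshd'
```

Running the parsers over the samples gives `1234` for port 12345 and `18 1200` for WINPID 1234, i.e. a SYSTEM-owned listener whose child (5678) is the unprivileged sshd.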