https://bugzilla.mindrot.org/show_bug.cgi?id=2885
--- Comment #4 from Corinna Vinschen <vinsc...@redhat.com> ---

Privsep never worked fully on Cygwin. It uses descriptor passing via AF_UNIX sockets which isn't implemented in Cygwin (yet). So when privsep was introduced, only one half of it got used on Cygwin. The problem is, I don't remember which part of it.

Either way, I checked the source history and it seems the code in question here (preauth) was never used on Cygwin anyway. The getuid==0 check exists since 2002.

Second problem is that permanently_set_uid() is a fake on Cygwin. Permanently changing the uid/gid only works when exec'ing a new process. It's never permanent while still in the same process. This is a limitation of the Windows authorization model.

Above all, chroot is a concept not supported by Windows anyway. Therefore the chroot emulation of Cygwin does not actually add any security since applications can easily work around it by using native Windows API calls rather than just Cygwin POSIX calls, as is well-known.

Bottom line is, I'm not sure what to do here. Preauth privsep is not really well supportable on Cygwin. Probably the best way out is to remove any Cygwin-specific code here and tell the user that this is not supported on Cygwin. This shouldn't affect the other part of privsep, though.

Corinna