x for
this.
David
-Original Message-
From: cygwin-ow...@cygwin.com [mailto:cygwin-ow...@cygwin.com] On Behalf Of
Corinna Vinschen
Sent: Thursday, February 18, 2016 7:13 AM
To: cygwin@cygwin.com
Subject: Re: Possible Security Hole in SSHD w/ CYGWIN?
On Feb 17 10:43, Corinna Vinschen wrote
On Fri, Feb 19, 2016 at 6:10 AM, Corinna Vinschen wrote:
> Thanks for testing, I really appreciate that.
You're very welcome :)
-- Erik
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Un
On Feb 18 12:10, Erik Soderquist wrote:
> On Thu, Feb 18, 2016 at 10:12 AM, Corinna Vinschen wrote:
> >
> > I implemented and tested the idea and it seems to work. Note that the
> > underlying problem that we can't generate our own login session when using
> > method 1 persists. However, the new
On Thu, Feb 18, 2016 at 10:12 AM, Corinna Vinschen wrote:
>
> I implemented and tested the idea and it seems to work. Note that the
> underlying problem that we can't generate our own login session when using
> method 1 persists. However, the new code should avoid spilling cyg_server
> credential
On Feb 17 10:43, Corinna Vinschen wrote:
> On Feb 16 20:55, David Willis wrote:
> > First let me say that I'm not too well-versed in coding and the ins and outs
> > of how processes utilize credentials when they are spawned. However, the
> > gist of it seems to be that if there are no credentials s
On Feb 16 20:55, David Willis wrote:
> First let me say that I'm not too well-versed in coding and the ins and outs
> of how processes utilize credentials when they are spawned. However, the
> gist of it seems to be that if there are no credentials saved with passwd -R
> to replace the current user
anks,
David
-Original Message-
From: cygwin-ow...@cygwin.com [mailto:cygwin-ow...@cygwin.com] On Behalf Of
Corinna Vinschen
Sent: Monday, February 15, 2016 4:11 AM
To: cygwin@cygwin.com
Subject: Re: Possible Security Hole in SSHD w/ CYGWIN?
On Feb 14 13:36, Erik Soderquist wrote:
> I thi
On Feb 14 13:36, Erik Soderquist wrote:
> I think the key point is that if no network password is stored using
> the "passwd -R" option, then there should be absolutely no network
> access at all in the current code/design, not a fall through to the
> cyg_server account's network access, regardless
On Sun, Feb 14, 2016 at 5:49 AM, Achim Gratz wrote:
> Erik Soderquist writes:
>> I would suspect Domain Admin for the Cyg_server account is a
>> requirement of David's environment, which neither of us know anything
>> about at present. I know I've had to do things that were not "best
>> practice"
Erik Soderquist writes:
> I would suspect Domain Admin for the Cyg_server account is a
> requirement of David's environment, which neither of us know anything
> about at present. I know I've had to do things that were not "best
> practice" due to corporate policy on more occasions than I care to
>
David Willis writes:
> So you're telling me any user that logs in using key authentication cannot
> access the network as the same user (i.e. this is the intended behavior)? If
> that's the case wouldn't it be better not to allow network access at ALL,
> rather than allowing it as the service accou
On Sat, Feb 13, 2016 at 8:29 PM, David Willis wrote:
> Hmm, storing the password in the registry would probably not be optimal... I
> would probably rather deal with lack of network share access from SSH
> sessions than store a plaintext password (haven't tested it so I can't say
> for sure, but si
this isn't even really doing anything different)
-Original Message-
From: cygwin-ow...@cygwin.com [mailto:cygwin-ow...@cygwin.com] On Behalf Of
Erik Soderquist
Sent: Saturday, February 13, 2016 4:14 PM
To: cygwin@cygwin.com
Subject: Re: Possible Security Hole in SSHD w/ CYGWIN?
> I do
are access
with that account's privileges.
Thanks,
David
-Original Message-
From: cygwin-ow...@cygwin.com [mailto:cygwin-ow...@cygwin.com] On Behalf Of
Erik Soderquist
Sent: Saturday, February 13, 2016 4:34 PM
To: cygwin@cygwin.com
Subject: Re: Possible Security Hole in SSHD w/ CYGWIN?
On
On Sat, Feb 13, 2016 at 4:15 PM, David Willis wrote:
> So you're telling me any user that logs in using key authentication cannot
> access the network as the same user (i.e. this is the intended behavior)? If
> that's the case wouldn't it be better not to allow network access at ALL,
> rather tha
On Sat, Feb 13, 2016 at 3:34 AM, Achim Gratz wrote:
> David Willis writes:
>> I know this is a somewhat unique and I guess obscure issue, but if someone
>> could please look into this - I would be very surprised if it was NOT
>> reproducible following the steps below. Because if this is actually th
First of all, it is one thing to ask me why I have set this up the way I did
- it's another to tell me I've set it up "wrong", especially without knowing
the ins and outs of my domain and network.
> You still do not seem to have understood what
>
> https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-
: Friday, February 12, 2016 5:04 PM
To: cygwin@cygwin.com
Subject: Re: Possible Security Hole in SSHD w/ CYGWIN?
With the precise steps listed/demonstrated, I've reproduced it
I connected with ssh as a normal user using a private key, and cd'd to
//server/c$/ successfully, and in the Wind
David Willis writes:
> I know this is a somewhat unique and I guess obscure issue, but if someone
> could please look into this - I would be very surprised if it was NOT
> reproducible following the steps below. Because if this is actually the case
> it is in fact granting permissions that it shoul
On Wed, Feb 10, 2016 at 12:21 AM, David Willis wrote:
> Thank you for the response..
>
> That is the problem though, it is not an error I am getting (that is in fact
> the issue is that I SHOULD be getting a "permission denied" but I am not).
> The problem is that I have access to things that I sho
share instead, and specify user credentials to do so).
Thanks,
David
-Original Message-
From: cygwin-ow...@cygwin.com [mailto:cygwin-ow...@cygwin.com] On Behalf Of
David Willis
Sent: Tuesday, February 09, 2016 9:21 PM
To: cygwin@cygwin.com
Subject: RE: Possible Security Hole in SSHD w/
(the user I SSH'd in as) instead of the
privileged server account "cyg_server".
Thanks again for any help - much appreciated
David
-Original Message-
From: cygwin-ow...@cygwin.com [mailto:cygwin-ow...@cygwin.com] On Behalf Of
Stephen John Smoogen
Sent: Tuesday, February 09, 2016 8
On 9 February 2016 at 21:39, David Willis wrote:
> Just to add an update to this, it appears that processes run from the shell
> while logged into the CYGWIN SSHD server are run as the correct user - i.e.
> I run a ping or cat a file and pipe it to less, and check Task Manager on
> the SSHD server
nal Message-
Sent: Tuesday, February 09, 2016 7:56 AM
To: 'cygwin@cygwin.com'
Subject: RE: Possible Security Hole in SSHD w/ CYGWIN?
Sorry for starting a new thread w/ the reply, forgot to subscribe before
posting my question yesterday...
Thanks for getting back so quickly
Yes, I hav
Sorry for starting a new thread w/ the reply, forgot to subscribe before
posting my question yesterday...
Thanks for getting back so quickly
Yes, I have read that page pretty much from top to bottom, and as far as I
know I have configured sshd and the user accounts correctly. I have a
non-privile
David Willis comcast.net> writes:
> To reproduce, connect via SSH (from either a Linux or CYGWIN/Windows client)
> to a CYGWIN-based SSHD server using a normal privileged user account (an
> account preferably that is not an admin either on the client or server
> machine). Once connected to the Win
Hello,
I noticed that when connecting via SSH to a CYGWIN-based SSHD server, if the
user connects to a network share (i.e. they CD to the share UNC path in the
BASH/CYGWIN shell), they get connected as the privileged server user account
created for privilege separation when SSHD is configured w/ s