From: Corinna Vinschen
To: cygwin-apps@cygwin.com
Date: Tue, 01 Aug 2017 08:54:00 -0000
Subject: Re: Patch for openssh : allow to use AuthorizedKeysCommand on sshd on cygwin
Message-ID: <20170801085438.GH18950@calimero.vinschen.de>

On Jul 31 23:07, Pierre Souchay wrote:
> Hi Corinna,
>
> > On 31 Jul 2017, at 22:12, Corinna Vinschen wrote:
> >
> > On Jul 31 20:38, Pierre Souchay wrote:
> >> Hello,
> >>
> >> Please consider this patch: https://github.com/pierresouchay/cygwin_patches/blob/master/openssh.patch
> >>
> >> It patches opensshd to allow to use the AuthorizedKeysCommand on Cygwin (similar to https://github.com/openssh/openssh-portable/pull/72 )
> >
> > Cygwin's OpenSSH is built from upstream sources only. Consequentially
> > this patch will go into Cygwin's OpenSSH package as soon as an official
> > OpenSSH version will be released with this patch.
>
> This patch can be applied on sources in current Cygwin repositories
> (aka openssh-7.4p1-1), so, if I understand well, you don't want to use
> the PATCH_URI mechanism of cygport to fix the issue and prefer me to
> do the fix upstream in OpenBSD source code?
>
> (The issue being that root on CYGWIN is not uid=0 but uid=18 aka SYSTEM)
>
> I'll send a patch to OpenBSD maintainers as well, but since the patch
> is Cygwin centric, I expected it would take less time to be applied
> this way.

This patch won't work as desired. How did you test it? UID 18, or
better S-1-5-18, has had no relevance as the sole file owner SID for a
long time. You would have to test for the TrustedInstaller account as
well.

Also, what about the files within the Cygwin installation? They are
owned by some admin account, but not by SYSTEM or TrustedInstaller.
For those, the check will still fail.

Yes, I prefer to fix the problem upstream. There are a couple of
Cygwin-specific patches in upstream portable OpenSSH. The guys are
accommodating, as long as the patch is not too intrusive.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
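
The objection in the reply above, worked through as an added example (not code from OpenSSH, Cygwin or the patch under discussion): a simplified model of an owner-and-mode check on each path component, run against three owner allowlists. The function name, the sample paths and every uid except 18 are constructed assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

/* One path component as stat() would report it. */
struct component { const char *path; uid_t owner; mode_t mode; };

#define UID_SYSTEM 18                /* S-1-5-18, the value from the thread */
#define UID_TRUSTED_INSTALLER 328384 /* constructed uid, assumption */
#define UID_LOCAL_ADMIN 197608       /* constructed uid, assumption */

/* Index of the first component whose owner is not in the trusted set or
 * that is group/world-writable; -1 if the whole chain passes. */
int first_rejected(const struct component *c, size_t n,
                   const uid_t *trusted, size_t ntrusted)
{
    for (size_t i = 0; i < n; i++) {
        int owner_ok = 0;
        for (size_t j = 0; j < ntrusted; j++)
            if (c[i].owner == trusted[j])
                owner_ok = 1;
        if (!owner_ok || (c[i].mode & (S_IWGRP | S_IWOTH)))
            return (int)i;
    }
    return -1;
}

/* Constructed samples: a helper inside the Cygwin tree, a Windows directory. */
const struct component cygwin_helper[] = {
    { "/usr/local/bin/keys-helper", UID_LOCAL_ADMIN, 0755 },
    { "/usr/local/bin", UID_LOCAL_ADMIN, 0755 },
};
const struct component windows_dir[] = {
    { "/cygdrive/c/Windows/System32", UID_TRUSTED_INSTALLER, 0755 },
};
const uid_t uid0_only[] = { 0 };
const uid_t uid0_system[] = { 0, UID_SYSTEM };
const uid_t uid0_system_ti[] = { 0, UID_SYSTEM, UID_TRUSTED_INSTALLER };

int main(void)
{
    printf("helper, {0,18}: %d\n", first_rejected(cygwin_helper, 2, uid0_system, 2));
    printf("windir, {0,18}: %d\n", first_rejected(windows_dir, 1, uid0_system, 2));
    printf("windir, +TI:    %d\n", first_rejected(windows_dir, 1, uid0_system_ti, 3));
    printf("helper, +TI:    %d\n", first_rejected(cygwin_helper, 2, uid0_system_ti, 3));
    return 0;
}
```

Adding uid 18 to the allowlist changes nothing for either sample, and adding TrustedInstaller clears only the Windows directory: the helper owned by an admin account is still rejected at its first component.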