From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 43361 invoked by alias); 17 Feb 2016 04:55:29 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 43351 invoked by uid 89); 17 Feb 2016 04:55:28 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=4.3 required=5.0 tests=AWL,BAYES_40,CYGWIN_OWNER_BODY,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,RP_MATCHES_RCVD,SPF_PASS autolearn=no version=3.3.2 spammy=sk:CreateP, *caller*, sk:createp, gratefully X-HELO: resqmta-po-02v.sys.comcast.net Received: from resqmta-po-02v.sys.comcast.net (HELO resqmta-po-02v.sys.comcast.net) (96.114.154.161) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with (AES128-SHA encrypted) ESMTPS; Wed, 17 Feb 2016 04:55:27 +0000 Received: from resomta-po-06v.sys.comcast.net ([96.114.154.230]) by resqmta-po-02v.sys.comcast.net with comcast id KGvS1s0014yXVJQ01GvS1w; Wed, 17 Feb 2016 04:55:26 +0000 Received: from HOME1 ([24.18.54.164]) by resomta-po-06v.sys.comcast.net with comcast id KGvR1s0073YafjL01GvRsh; Wed, 17 Feb 2016 04:55:25 +0000 Reply-To: From: "David Willis" To: References: <019c01d163bc$fe2fc500$fa8f4f00$@comcast.net> <019e01d163c2$d678c7e0$836a57a0$@comcast.net> <023901d165e4$925507d0$b6ff1770$@comcast.net> <87d1s1c8ld.fsf@Rainer.invalid> <87a8n38t3r.fsf@Rainer.invalid> <20160215121101.GC7085@calimero.vinschen.de> In-Reply-To: <20160215121101.GC7085@calimero.vinschen.de> Subject: RE: Possible Security Hole in SSHD w/ CYGWIN? Date: Wed, 17 Feb 2016 04:55:00 -0000 Message-ID: <003801d1693f$6a5d71a0$3f1854e0$@comcast.net> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-IsSubscribed: yes X-SW-Source: 2016-02/txt/msg00258.txt.bz2 First let me say that I'm not too well-versed in coding and the ins and outs of how processes utilize credentials when they are spawned. However, the jist of it seems to be that if there are no credentials saved with passwd -R to replace the current user token with that of the user that is SSH'd in, then there is no way to change that token at all (or get rid of it) meaning the token used when accessing a share will stay as the token of the caller - namely cyg_server? Please correct me if I'm way off-base but that seems to be my interpretation of this. If that is the case, it seems this is an unintended side effect of the way CYGWIN and sshd work together, and with the current state of Windows there isn't really a way around it. And that's OK (I can work around it if that's the case), I just wanted to get to the bottom of why this was happening and let people know the situation because I wasn't sure if anyone was aware of this behavior. Thank you very much Erik and everyone else for the help with this. This is my first time posting on these mailing lists and I appreciate people taking the time to reproduce the issue and help work it out. Thanks, David -----Original Message----- From: cygwin-owner@cygwin.com [mailto:cygwin-owner@cygwin.com] On Behalf Of Corinna Vinschen Sent: Monday, February 15, 2016 4:11 AM To: cygwin@cygwin.com Subject: Re: Possible Security Hole in SSHD w/ CYGWIN? On Feb 14 13:36, Erik Soderquist wrote: > I think the key point is that if no network password is stored using > the "passwd -R" option, then there should be absolutely no network > access at all in the current code/design, not a fall through to the > cyg_server account's network access, regardless of how much or little > network access that account has. The problem is this: I'm not aware of any explicit OS call which allows the process calling CreateProcessAsUser to drop network credentials of the *caller* in the child process running under another user token. In fact, I'm not even aware of any call which allows to drop network credentials even for the calling process, and that would be the wrong thing to do anyway. This is a clear cut case of "I need help" and "Patches gratefully accepted". Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple