RE: Possible Security Hole in SSHD w/ CYGWIN?

["David Willis" <david_willis@comcast.net>]

Thanks for taking the time to reproduce this - so now I know its not just me :) And to your point about connecting with a local path vs. a network path, I noticed that too - permissions are correct when accessing anything locally, but when accessing via a network path (even if it is to your own machine), will reproduce this issue.

Can any developers weigh in as to where the core of the problem might lie and/or how it would possibly be fixed?

Thanks,

David

-----Original Message-----
From: cygwin-owner@cygwin.com [mailto:cygwin-owner@cygwin.com] On Behalf Of Erik Soderquist
Sent: Friday, February 12, 2016 5:04 PM
To: cygwin@cygwin.com
Subject: Re: Possible Security Hole in SSHD w/ CYGWIN?

With the precise steps listed/demonstrated, I've reproduced it

I connected with ssh as a normal user using a private key, and cd'd to
//server/c$/ successfully, and in the Windows active sessions, it does
indeed show "cyg_server" as the connected user, not the user I logged
in with.  Trying this using a password rather than a private key
behaves as expected.

Taking this a step further, I created a new directory from Windows
Explorer and reset the permissions to explicitly deny access to the
normal user I tested with.  Then I tried to cd to
/cygdrive/c/access_denied_test/ and received the expected access
denied message, but when I tried to cd to
//server/c$/access_denied_test/ I succeeded, and was able to create
new files in the directory.

I can provide screen shots of the reproduction without the need to
redact quite so much.

-- Erik



--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple