From: "David Willis"
Subject: RE: Possible Security Hole in SSHD w/ CYGWIN?
Date: Sat, 13 Feb 2016 20:04:00 -0000
Message-ID: <023e01d16699$cdac5df0$690519d0$@comcast.net>

Thanks for taking the time to reproduce this - so now I know it's not just me :)

And to your point about connecting with a local path vs. a network path, I noticed that too - permissions are correct when accessing anything locally, but when accessing via a network path (even if it is to your own machine), will reproduce this issue.

Can any developers weigh in as to where the core of the problem might lie and/or how it would possibly be fixed?

Thanks,
David

-----Original Message-----
From: cygwin-owner@cygwin.com [mailto:cygwin-owner@cygwin.com] On Behalf Of Erik Soderquist
Sent: Friday, February 12, 2016 5:04 PM
To: cygwin@cygwin.com
Subject: Re: Possible Security Hole in SSHD w/ CYGWIN?

With the precise steps listed/demonstrated, I've reproduced it.

I connected with ssh as a normal user using a private key, and cd'd to //server/c$/ successfully, and in the Windows active sessions, it does indeed show "cyg_server" as the connected user, not the user I logged in with. Trying this using a password rather than a private key behaves as expected.

Taking this a step further, I created a new directory from Windows Explorer and reset the permissions to explicitly deny access to the normal user I tested with. Then I tried to cd to /cygdrive/c/access_denied_test/ and received the expected access denied message, but when I tried to cd to //server/c$/access_denied_test/ I succeeded, and was able to create new files in the directory.

I can provide screen shots of the reproduction without the need to redact quite so much.

-- Erik