From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 114106 invoked by alias); 15 Feb 2016 12:11:05 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 114085 invoked by uid 89); 15 Feb 2016 12:11:04 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-95.2 required=5.0 tests=BAYES_05,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_PBL,RDNS_DYNAMIC,USER_IN_WHITELIST autolearn=no version=3.3.2 spammy=Hx-languages-length:975, H*f:sk:Q4EE4-L, H*MI:sk:Q4EE4-L, H*i:sk:Q4EE4-L X-HELO: calimero.vinschen.de Received: from ipbcc0d020.dynamic.kabel-deutschland.de (HELO calimero.vinschen.de) (188.192.208.32) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Mon, 15 Feb 2016 12:11:03 +0000 Received: by calimero.vinschen.de (Postfix, from userid 500) id 87D1DA80595; Mon, 15 Feb 2016 13:11:01 +0100 (CET) Date: Mon, 15 Feb 2016 12:11:00 -0000 From: Corinna Vinschen To: cygwin@cygwin.com Subject: Re: Possible Security Hole in SSHD w/ CYGWIN? Message-ID: <20160215121101.GC7085@calimero.vinschen.de> Reply-To: cygwin@cygwin.com Mail-Followup-To: cygwin@cygwin.com References: <019c01d163bc$fe2fc500$fa8f4f00$@comcast.net> <019e01d163c2$d678c7e0$836a57a0$@comcast.net> <023901d165e4$925507d0$b6ff1770$@comcast.net> <87d1s1c8ld.fsf@Rainer.invalid> <87a8n38t3r.fsf@Rainer.invalid> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="eRtJSFbw+EEWtPj3" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.24 (2015-08-30) X-SW-Source: 2016-02/txt/msg00227.txt.bz2 --eRtJSFbw+EEWtPj3 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-length: 965 On Feb 14 13:36, Erik Soderquist wrote: > I think the key point is that if no network password is stored using > the "passwd -R" option, then there should be absolutely no network > access at all in the current code/design, not a fall through to the > cyg_server account's network access, regardless of how much or little > network access that account has. The problem is this: I'm not aware of any explicit OS call which allows the process calling CreateProcessAsUser to drop network credentials of the *caller* in the child process running under another user token. In fact, I'm not even aware of any call which allows to drop network credentials even for the calling process, and that would be the wrong thing to do anyway. This is a clear cut case of "I need help" and "Patches gratefully accepted". Corinna --=20 Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat --eRtJSFbw+EEWtPj3 Content-Type: application/pgp-signature; name="signature.asc" Content-length: 819 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJWwcBVAAoJEPU2Bp2uRE+gJswP/0D3HBil8zCIN05Iw4gYynq+ tu8rQQbND/W6flsL9nnjcmBxbLcA4evvE2qWEiH10Dj5OYOq6isDdziKMXpGOJQ4 MUXj2UH9ESNVmLUGaK8In62SUTH3s9e7gAtG4WAOo5xALNmba0kE2ZC4mI3mvG0E 7BYeOfJg6BfsRP0hIe/iFoyrLrHDETGK8n5h+y23V9kBGb/vfRQBLHj+Hts9K9gQ +TKpKkSli9ZvvoV2zlpmeAN018LIHBktUrVTrJefpTuRCkTP8Ad0Nvynbk5u3h0d klqDqyofLR7U/riNOtohq4zU5DcADsNj9caaqP6WcJ1jJ00Su4F2H5J7QpQqqp4a +Bg9/iPCe3oM+XhMNK+0UAZguzrXlpWIFuG0DmTRgKDTD+RD5B5b1Nc8kikQ10+s N6KLC+eIOWgxqOBILIpsZeypMTftTmd6ckD5vzdBKesbZ6DxI1N9YJCAhxvypY/D ZxAPbMMUKK57frXF19w1HSu9AWqi/VgqkafKaI2rAxBBX6tN0tc62ZvQLp8aGFCX 1M/nGfPFipDbYebBc/Gs8wsYd9qhGVZ1Ks7Nn2AGZVMlJr6d6bAymYsg9ecM8uoV dhBDYd7TMIKI+sJtkCuUc2ffAicPVtqV202KAqGil5gQmEXc5M4qBh+bVVY6vgk7 GJhx+5VYSS1naLgswhHi =wYXc -----END PGP SIGNATURE----- --eRtJSFbw+EEWtPj3--