From: Corinna Vinschen <corinna-cygwin@cygwin.com>
To: cygwin@cygwin.com
Subject: Re: Possible Security Hole in SSHD w/ CYGWIN?
Date: Thu, 18 Feb 2016 15:13:00 -0000 [thread overview]
Message-ID: <20160218151257.GA14838@calimero.vinschen.de> (raw)
In-Reply-To: <20160217094335.GA5722@calimero.vinschen.de>
[-- Attachment #1: Type: text/plain, Size: 1927 bytes --]
On Feb 17 10:43, Corinna Vinschen wrote:
> On Feb 16 20:55, David Willis wrote:
> > First let me say that I'm not too well-versed in coding and the ins and outs
> > of how processes utilize credentials when they are spawned. However, the
> > jist of it seems to be that if there are no credentials saved with passwd -R
> > to replace the current user token with that of the user that is SSH'd in,
> > then there is no way to change that token at all (or get rid of it) meaning
> > the token used when accessing a share will stay as the token of the caller -
> > namely cyg_server? Please correct me if I'm way off-base but that seems to
> > be my interpretation of this.
>
> It's wrong, but it's not easy to grok how this all works under the hood.
> First of all, refering to
> https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-setuid-overview, only
> method 1 should be affected.
> [bla, bla]
> > If that is the case, it seems this is an unintended side effect of the way
> > CYGWIN and sshd work together, and with the current state of Windows there
> > isn't really a way around it.
>
> There might be a way around that. I have a vague idea what to do to
> create a new logon session, even when creating the token from scratch
> per method 1, which would not share the network credentials of the
> caller. But it's just that yet, an idea.
I implemented and tested the idea and it seems to work. Note that the
underlying problem that we can't generate our own login session when using
method 1 persists. However, the new code should avoid spilling cyg_server
credentials into the user session.
Please give the new Cygwin test release 2.5.0-0.4
(https://cygwin.com/ml/cygwin-announce/2016-02/msg00023.html) a try.
Thanks,
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
next prev parent reply other threads:[~2016-02-18 15:13 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-02-10 4:39 David Willis
2016-02-10 4:57 ` Stephen John Smoogen
2016-02-10 5:21 ` David Willis
2016-02-12 22:27 ` David Willis
2016-02-13 8:34 ` Achim Gratz
2016-02-13 21:15 ` David Willis
2016-02-14 0:34 ` Erik Soderquist
2016-02-14 1:29 ` David Willis
2016-02-14 1:48 ` Erik Soderquist
2016-02-14 10:49 ` Achim Gratz
2016-02-14 0:14 ` Erik Soderquist
2016-02-14 1:37 ` David Willis
2016-02-14 10:49 ` Achim Gratz
2016-02-14 18:36 ` Erik Soderquist
2016-02-15 12:11 ` Corinna Vinschen
2016-02-17 4:55 ` David Willis
2016-02-17 9:43 ` Corinna Vinschen
2016-02-18 15:13 ` Corinna Vinschen [this message]
2016-02-18 17:10 ` Erik Soderquist
2016-02-19 11:10 ` Corinna Vinschen
2016-02-19 16:38 ` Erik Soderquist
2016-02-20 19:53 ` David Willis
2016-02-13 1:04 ` Erik Soderquist
2016-02-13 20:04 ` David Willis
-- strict thread matches above, loose matches on Subject: below --
2016-02-09 15:56 David Willis
2016-02-09 6:43 David Willis
2016-02-09 7:53 ` Achim Gratz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160218151257.GA14838@calimero.vinschen.de \
--to=corinna-cygwin@cygwin.com \
--cc=cygwin@cygwin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).