From: Corinna Vinschen
To: cygwin@cygwin.com
Subject: Re: Possible Security Hole in SSHD w/ CYGWIN?
Date: Thu, 18 Feb 2016 15:13:00 -0000
Message-ID: <20160218151257.GA14838@calimero.vinschen.de>
In-Reply-To: <20160217094335.GA5722@calimero.vinschen.de>
User-Agent: Mutt/1.5.24 (2015-08-30)

On Feb 17 10:43, Corinna Vinschen wrote:
> On Feb 16 20:55, David Willis wrote:
> > First let me say that I'm not too well-versed in coding and the ins and outs
> > of how processes utilize credentials when they are spawned. However, the
> > gist of it seems to be that if there are no credentials saved with passwd -R
> > to replace the current user token with that of the user that is SSH'd in,
> > then there is no way to change that token at all (or get rid of it), meaning
> > the token used when accessing a share will stay as the token of the caller,
> > namely cyg_server? Please correct me if I'm way off-base, but that seems to
> > be my interpretation of this.
>
> It's wrong, but it's not easy to grok how this all works under the hood.
> First of all, referring to
> https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-setuid-overview, only
> method 1 should be affected.
> [bla, bla]
> > If that is the case, it seems this is an unintended side effect of the way
> > CYGWIN and sshd work together, and with the current state of Windows there
> > isn't really a way around it.
>
> There might be a way around that. I have a vague idea what to do to
> create a new logon session, even when creating the token from scratch
> per method 1, which would not share the network credentials of the
> caller. But it's just that yet, an idea.

I implemented and tested the idea and it seems to work.

Note that the underlying problem that we can't generate our own login
session when using method 1 persists. However, the new code should
avoid spilling cyg_server credentials into the user session.

Please give the new Cygwin test release 2.5.0-0.4
(https://cygwin.com/ml/cygwin-announce/2016-02/msg00023.html) a try.

Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat