public inbox for cygwin@cygwin.com
From: Stephen John Smoogen <smooge@gmail.com>
To: cygwin@cygwin.com
Subject: Re: Possible Security Hole in SSHD w/ CYGWIN?
Date: Wed, 10 Feb 2016 04:57:00 -0000
Message-ID: <CANnLRdhVrFcveO_jKb3_x=44WMJNO33DPnsJZ12Wus3U7Wo_fQ@mail.gmail.com>
In-Reply-To: <019c01d163bc$fe2fc500$fa8f4f00$@comcast.net>

On 9 February 2016 at 21:39, David Willis <david_willis@comcast.net> wrote:
> Just to add an update to this, it appears that processes run from the shell
> while logged into the CYGWIN SSHD server are run as the correct user - i.e.
> I run a ping or cat a file and pipe it to less, and check Task Manager on
> the SSHD server, and those processes show as being run as the user I SSH'd
> in as, the way it should be.
>
> So it looks like this bug is specifically when accessing files or directory
> contents. I literally run a "ls -l" command from the local CYGWIN shell on
> the SSHD server, against a file share that I have no access to, and get a
> permission denied. I run the exact same command, SSH'd into that same box as
> the same user against the same file share, and this time I can list the
> directory contents. Same results with "cat"ing files in those directories.
> What gives?
>
> Any help on this VERY much appreciated!!!
>

In general, you need to be able to cut and paste the errors you are
seeing versus using words to describe them. There are several
different things that what you are describing could look like so
without that extra data it is hard to figure out how to duplicate what
you might be seeing.

-- 
Stephen J Smoogen.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
