From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <cygwin-return-208336-listarch-cygwin=sourceware.org@cygwin.com>
Received: (qmail 22745 invoked by alias); 29 May 2017 05:23:10 -0000
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Received: (qmail 22719 invoked by uid 89); 29 May 2017 05:23:09 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=ham version=3.3.2 spammy=Hx-languages-length:569, H*F:D*nl, userid
X-HELO: lb2-smtp-cloud2.xs4all.net
Received: from lb2-smtp-cloud2.xs4all.net (HELO lb2-smtp-cloud2.xs4all.net) (194.109.24.25) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Mon, 29 May 2017 05:23:07 +0000
Received: from webmail.xs4all.nl ([IPv6:2001:888:0:22:194:109:20:217])	by smtp-cloud2.xs4all.net with ESMTP	id S5P91v0060nKt58015P9pD; Mon, 29 May 2017 07:23:09 +0200
Received: from a83-162-234-136.adsl.xs4all.nl ([83.162.234.136]) by webmail.xs4all.nl with HTTP (HTTP/1.1 POST); Mon, 29 May 2017 07:23:09 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
Content-Transfer-Encoding: 7bit
Date: Mon, 29 May 2017 06:40:00 -0000
From: Houder <houder@xs4all.nl>
To: cygwin@cygwin.com
Subject: openssh: privilege separation no longer supported on Cygwin?
Message-ID: <d436698bbd53eef3cbdda788d4926109@xs4all.nl>
X-Sender: houder@xs4all.nl
User-Agent: XS4ALL Webmail
X-IsSubscribed: yes
X-SW-Source: 2017-05/txt/msg00464.txt.bz2

Hi,

Privilege separation in sshd defaults to "sandbox" (as far as
I understand, "openssh" has implemented a new mechanism).

... now I remember Corinna writing, that 'sandbox will not be
an option for Cygwin' ... or words to that effect.

Does this mean, that under Cygwin, privilege separation is no
longer possible?

... because, that is, I think, what I am seeing:

  - the userid of child sshd is still 'cyg_server' ...
  - and I get an elevated shell when I login ...

Not what I expected ...

Gr. Henri

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple