From: Achim Gratz <Stromeko@NexGo.DE>
To: cygwin@cygwin.com
Subject: Re: Possible Security Hole in SSHD w/ CYGWIN?
Date: Tue, 09 Feb 2016 07:53:00 -0000 [thread overview]
Message-ID: <loom.20160209T084758-211@post.gmane.org> (raw)
In-Reply-To: <016c01d16305$252c94c0$6f85be40$@comcast.net>
David Willis <david_willis <at> comcast.net> writes:
> To reproduce, connect via SSH (from either a Linux or CYGWIN/Windows client)
> to a CYGWIN-based SSHD server using a normal privileged user account (an
> account preferably that is not an admin either on the client or server
> machine). Once connected to the Windows SSHD server, CD to a UNC path of a
> network share. Once CD'd to that path, check Computer Management on that
> server, and go to Shares->Open Sessions, and you will see that the user
> connected is the privileged SSHD server account (and it will obviously show
> as being connected from the machine you are SSH'd into).
Did you read https://cygwin.com/cygwin-ug-net/ntsec.html, configured sshd
and the user accounts correctly and are logging in with a password using
either of the methods described?
FWIW, I'm seeing the connected user as the one that I logged into via ssh.
In fact the sshd user account doesn't have any network access rights anyway,
so I couldn't connect to any network share if that acount would be used.
Regards,
Achim.
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
next prev parent reply other threads:[~2016-02-09 7:53 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-02-09 6:43 David Willis
2016-02-09 7:53 ` Achim Gratz [this message]
2016-02-09 15:56 David Willis
2016-02-10 4:39 David Willis
2016-02-10 4:57 ` Stephen John Smoogen
2016-02-10 5:21 ` David Willis
2016-02-12 22:27 ` David Willis
2016-02-13 8:34 ` Achim Gratz
2016-02-13 21:15 ` David Willis
2016-02-14 0:34 ` Erik Soderquist
2016-02-14 1:29 ` David Willis
2016-02-14 1:48 ` Erik Soderquist
2016-02-14 10:49 ` Achim Gratz
2016-02-14 0:14 ` Erik Soderquist
2016-02-14 1:37 ` David Willis
2016-02-14 10:49 ` Achim Gratz
2016-02-14 18:36 ` Erik Soderquist
2016-02-15 12:11 ` Corinna Vinschen
2016-02-17 4:55 ` David Willis
2016-02-17 9:43 ` Corinna Vinschen
2016-02-18 15:13 ` Corinna Vinschen
2016-02-18 17:10 ` Erik Soderquist
2016-02-19 11:10 ` Corinna Vinschen
2016-02-19 16:38 ` Erik Soderquist
2016-02-20 19:53 ` David Willis
2016-02-13 1:04 ` Erik Soderquist
2016-02-13 20:04 ` David Willis
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=loom.20160209T084758-211@post.gmane.org \
--to=stromeko@nexgo.de \
--cc=cygwin@cygwin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).