This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Updated: OpenSSH-4.4p1-1

Corinna Vinschen wrote:
On Oct 11 16:20, Wells, Roger K. wrote:
When I installed this my previous installation broke and now the sshd
server stops immediately when it is started.  Any hints will be

Maybe that's it:

This is bad. Suppose I am a cygwin user on a machine to which I do not have Administrator privileges. Until now, I could run a personal sshd on a unique port, and connect back to my windows box. Now I can't -- because, as a non-Admin, I can't create the sshd user. (and this use case is not a hypothetical; I do this on the job often)

I consider this a regression -- and what's worse, IMO the patch that imposed this new requirement is dead wrong. Here's a fuller quote of the offending section of the changelog:

 - (djm) [sshd.c auth.c] Set up fakepw() with privsep uid/gid, so it can
   be used to drop privilege to; fixes Solaris GSSAPI crash reported by
   Magnus Abrante; suggestion and feedback dtucker@
   NB. this change will require that the privilege separation user must
   exist on all the time, not just when UsePrivilegeSeparation=yes

My translation: even when UsePrivilegeSeparation=no we are STILL going to use privsep. And this misfeature will be imposed across all platforms, just to fix a crash on one platform when using one optional authentication component.

Not nice, not nice at all.


-- Unsubscribe info: Problem reports: Documentation: FAQ:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]