This is the mail archive of the
mailing list for the Cygwin project.
Re: Possible Security Hole in SSHD w/ CYGWIN?
- From: Stephen John Smoogen <smooge at gmail dot com>
- To: cygwin at cygwin dot com
- Date: Tue, 9 Feb 2016 21:57:19 -0700
- Subject: Re: Possible Security Hole in SSHD w/ CYGWIN?
- Authentication-results: sourceware.org; auth=none
- References: <019c01d163bc$fe2fc500$fa8f4f00$ at comcast dot net>
On 9 February 2016 at 21:39, David Willis <firstname.lastname@example.org> wrote:
> Just to add an update to this, it appears that processes run from the shell
> while logged into the CYGWIN SSHD server are run as the correct user - i.e.
> I run a ping or cat a file and pipe it to less, and check Task Manager on
> the SSHD server, and those processes show as being run as the user I SSH'd
> in as, the way it should be.
> So it looks like this bug is specifically when accessing files or directory
> contents. I literally run a "ls -l" command from the local CYGWIN shell on
> the SSHD server, against a file share that I have no access to, and get a
> permission denied. I run the exact same command, SSH'd into that same box as
> the same user against the same file share, and this time I can list the
> directory contents. Same results with "cat"ing files in those directories.
> What gives?
> Any help on this VERY much appreciated!!!
In general, you need to be able to cut and paste the errors you are
seeing versus using words to describe them. There are several
different things that what you are describing could look like so
without that extra data it is hard to figure out how to duplicate what
you might be seeing.
Stephen J Smoogen.
Problem reports: http://cygwin.com/problems.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple