Updated: OpenSSH-4.4p1-1

[Matthew Woehlke]

Charles Wilson wrote:
> Corinna Vinschen wrote:
>> On Oct 11 16:20, Wells, Roger K. wrote:
>>> When I installed this my previous installation broke and now the sshd
>>> server stops immediately when it is started.  Any hints will be
>>> appreciated.
>>> thanks
>>
>> Maybe that's it: http://cygwin.com/ml/cygwin/2006-10/msg00250.html
> 
> This is bad.  Suppose I am a cygwin user on a machine to which I do not 
> have Administrator privileges.  Until now, I could run a personal sshd 
> on a unique port, and connect back to my windows box.  Now I can't -- 
> because, as a non-Admin, I can't create the sshd user.  (and this use 
> case is not a hypothetical; I do this on the job often)

It sounds like this is a technique that would be usable on platforms 
other than Cygwin, as well.

> I consider this a regression -- and what's worse, IMO the patch that 
> imposed this new requirement is dead wrong.  Here's a fuller quote of 
> the offending section of the changelog:
> 
>>  - (djm) [sshd.c auth.c] Set up fakepw() with privsep uid/gid, so it can
>>    be used to drop privilege to; fixes Solaris GSSAPI crash reported by
>>    Magnus Abrante; suggestion and feedback dtucker@
>>    NB. this change will require that the privilege separation user must
>>    exist on all the time, not just when UsePrivilegeSeparation=yes
> 
> My translation: even when UsePrivilegeSeparation=no we are STILL going 
> to use privsep.  And this misfeature will be imposed across all 
> platforms, just to fix a crash on one platform when using one optional 
> authentication component.
> 
> Not nice, not nice at all.

So you're taking it up with the ssh developers (or 'dtucker'), right?

-- 
Matthew
"What's Cygwin?" you ask.
'Tis mostly absurd software
Concerning hippos.


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/