Possible Security Hole in SSHD w/ CYGWIN?

Erik Soderquist ErikSoderquist@gmail.com
Thu Feb 18 17:10:00 GMT 2016

On Thu, Feb 18, 2016 at 10:12 AM, Corinna Vinschen wrote:
> I implemented and tested the idea and it seems to work.  Note that the
> underlying problem that we can't generate our own login session when using
> method 1 persists.  However, the new code should avoid spilling cyg_server
> credentials into the user session.
> Please give the new Cygwin test release 2.5.0-0.4
> (https://cygwin.com/ml/cygwin-announce/2016-02/msg00023.html) a try.

I've installed the test release and am no longer able to reproduce the
issue; I get the expected "access denied" on all network shares as I
should on this test account.  (pub key auth, no password stored with
"passwd -R")


-- Erik

Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

More information about the Cygwin mailing list