Possible Security Hole in SSHD w/ CYGWIN?

Corinna Vinschen corinna-cygwin@cygwin.com
Fri Feb 19 11:10:00 GMT 2016

On Feb 18 12:10, Erik Soderquist wrote:
> On Thu, Feb 18, 2016 at 10:12 AM, Corinna Vinschen wrote:
> <snip>>
> > I implemented and tested the idea and it seems to work.  Note that the
> > underlying problem that we can't generate our own login session when using
> > method 1 persists.  However, the new code should avoid spilling cyg_server
> > credentials into the user session.
> >
> > Please give the new Cygwin test release 2.5.0-0.4
> > (https://cygwin.com/ml/cygwin-announce/2016-02/msg00023.html) a try.
> I've installed the test release and am no longer able to reproduce the
> issue; I get the expected "access denied" on all network shares as I
> should on this test account.  (pub key auth, no password stored with
> "passwd -R")
> :)

Thanks for testing, I really appreciate that.


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin/attachments/20160219/13ae73d0/attachment.sig>

More information about the Cygwin mailing list