Logging-in using ssh elevates the user privilege.

Corinna Vinschen corinna-cygwin@cygwin.com
Wed Mar 6 16:17:00 GMT 2019


On Mar  6 17:15, Corinna Vinschen wrote:
> On Mar  7 01:00, Takashi Yano wrote:
> > Hello,
> > 
> > I would like to report a problem of recent cygwin.
> > 
> > If a user logs in via ssh, the user aqcuires the elevated
> > privilege if the user belongs to Administrators group.
> 
> This is by design, and this is no new behaviour.  As soon as an admin
> account logs in, seteuid uses the elevated token.  Cygwin is doing that
> since 2015.

Actually, since 2010.

> 
> After all, from an ssh session there would be *no* chance to run
> administrative tasks if the user would only get a non-elevated token.
> There's no way to switch to the elevated token from an ssh session.


Corinna

-- 
Corinna Vinschen
Cygwin Maintainer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin/attachments/20190306/5f4737ea/attachment.sig>


More information about the Cygwin mailing list