sshd_config AllowStreamLocalForwarding *remote not possible* / effectively privsep off
Tue Aug 8 01:40:55 GMT 2023
I've just updated the subject line for accuracy. Only remote/reverse
unix socket forwarding fails.
Further, I have a clarification that might have significance:
On 8/08/2023 3:40 am, Corinna Vinschen via Cygwin wrote:
> On Aug 7 22:11, Shaddy Baddah via Cygwin wrote:
>> DISABLE_FD_PASS is always set by autoconf for Cygwin. And my reading is
>> that not having that capability effectively means whatever the other
>> criteria, the executing process doesn't have sufficient "separation" of
>> privilege to be treated in the same manner.
Perhaps contrary to expectation, with the more conventional
remote/reverse TCP port forwarding, with Cygwin sshd, the LISTEN port
exists in the, is it called the monitor
So something like:
|ssh> -R 12345:22
will result in a (confirmed by netstat) LISTEN port in the SYSTEM owned
sshd process, which is the parent of the non-privileged owned sshd
I'm not suggesting that this is not a considered situation, because to
my knowledge, it's a much different situation allowing an ssh user to
manipulate the filesystem (for unix sockets), as SYSTEM. Than using
netsocks as SYSTEM to try and bind TCP ports... I think???
But it certainly aligns with my newfound understanding of Cygwin's
"trade-off" form of privilege separation.
More information about the Cygwin