sshd_config AllowStreamLocalForwarding *remote not possible* / effectively privsep off
Shaddy Baddah
lithium-cygwin@shaddybaddah.name
Tue Aug 8 01:40:55 GMT 2023
Hi,
I've just updated the subject line for accuracy. Only remote/reverse
unix socket forwarding fails.
Further, I have a clarification that might have significance:
On 8/08/2023 3:40 am, Corinna Vinschen via Cygwin wrote:
> On Aug 7 22:11, Shaddy Baddah via Cygwin wrote:
..
>
>> DISABLE_FD_PASS is always set by autoconf for Cygwin. And my reading is
>> that not having that capability effectively means whatever the other
>> criteria, the executing process doesn't have sufficient "separation" of
>> privilege to be treated in the same manner.
Perhaps contrary to expectation, with the more conventional
remote/reverse TCP port forwarding, with Cygwin sshd, the LISTEN port
exists in the, is it called the monitor
(http://www.citi.umich.edu/u/provos/ssh/priv.jpg)/intermediatary sshd
process.
So something like:
|>~C
|ssh> -R 12345:22
will result in a (confirmed by netstat) LISTEN port in the SYSTEM owned
sshd process, which is the parent of the non-privileged owned sshd
process.
I'm not suggesting that this is not a considered situation, because to
my knowledge, it's a much different situation allowing an ssh user to
manipulate the filesystem (for unix sockets), as SYSTEM. Than using
netsocks as SYSTEM to try and bind TCP ports... I think???
But it certainly aligns with my newfound understanding of Cygwin's
"trade-off" form of privilege separation.
--
Regards,
Shaddy
More information about the Cygwin
mailing list