sshd_config AllowStreamLocalForwarding *remote not possible* / effectively privsep off

Shaddy Baddah
Tue Aug 8 01:40:55 GMT 2023


I've just updated the subject line for accuracy. Only remote/reverse
unix socket forwarding fails.

Further, I have a clarification that might have significance:

On 8/08/2023 3:40 am, Corinna Vinschen via Cygwin wrote:
 > On Aug  7 22:11, Shaddy Baddah via Cygwin wrote:
 >> DISABLE_FD_PASS is always set by autoconf for Cygwin. And my reading is
 >> that not having that capability effectively means whatever the other
 >> criteria, the executing process doesn't have sufficient "separation" of
 >> privilege to be treated in the same manner.

Perhaps contrary to expectation, with the more conventional
remote/reverse TCP port forwarding, with Cygwin sshd, the LISTEN port
exists in the, is it called the monitor
( sshd

So something like:

|ssh> -R 12345:22

will result in a (confirmed by netstat) LISTEN port in the SYSTEM owned
sshd process, which is the parent of the non-privileged owned sshd

I'm not suggesting that this is not a considered situation, because to
my knowledge, it's a much different situation allowing an ssh user to
manipulate the filesystem (for unix sockets), as SYSTEM. Than using
netsocks as SYSTEM to try and bind TCP ports... I think???

But it certainly aligns with my newfound understanding of Cygwin's
"trade-off" form of privilege separation.


More information about the Cygwin mailing list