This is the mail archive of the cygwin mailing list for the Cygwin project.
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
Other format: | [Raw text] |
On 29/05/2017 07:23, Houder wrote:
Hi, Privilege separation in sshd defaults to "sandbox" (as far as I understand, "openssh" has implemented a new mechanism). ... now I remember Corinna writing, that 'sandbox will not be an option for Cygwin' ... or words to that effect. Does this mean, that under Cygwin, privilege separation is no longer possible? ... because, that is, I think, what I am seeing: - the userid of child sshd is still 'cyg_server' ... - and I get an elevated shell when I login ... Not what I expected ... Gr. Henri
Hi Houder, please read the last Announcement https://sourceware.org/ml/cygwin-announce/2017-03/msg00028.html * This release deprecates the sshd_config UsePrivilegeSeparation option, thereby making privilege separation mandatory. Privilege separation has been on by default for almost 15 years and sandboxing has been on by default for almost the last five. It seems you misunderstood the communication: - the possibility to NOT use "privilege separation" is deprecated - "privilege separation" will became mandatory Regards Marco -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |