This is the mail archive of the
cygwin@sources.redhat.com
mailing list for the Cygwin project.
Re: [Re: OpenSSH2.1.1p4 - NT to NT: Problem]
- To: norbert dot bladt at usa dot net
- Subject: Re: [Re: OpenSSH2.1.1p4 - NT to NT: Problem]
- From: Corinna Vinschen <vinschen at cygnus dot com>
- Date: Tue, 08 Aug 2000 10:46:54 +0200
- CC: cygwin <cygwin at sources dot redhat dot com>
- References: <20000808060822.22936.qmail@nwcst316.netaddress.usa.net>
- Reply-To: cygwin <cygwin at sources dot redhat dot com>
norbert.bladt@usa.net wrote:
> > Change your /etc/passwd file on the client box so that the
> > administrator (or your favorite admins member name) has uid 0.
> > This should allow that admin to use a privileged port when
> > starting ssh.
> Works ad advertised, i.e. after changing the uid of the
> administrator on the client side to 0 it works.
> Because that was the only change in /etc/passwd I did,
> the user on the server side is reported as "everyone" because
> this user is first in the /etc/passwd on the client side and
> has the uid 0 - as created by mkpasswd.
This prevents everyone one the server side machine to use privileged
ports, including the admin. But that's no problem anymore since I
updated the OpenSSH port on ftp.franken.de as announced yesterday.
> Thanks for this "solution".
> I thought about the other "fix" you mentioned in your
> previous E-Mail. But this seems to be a better way of doing
> it, because we don't have to maintain another derivative of
> a derivative of a derivative of the original OpenBSD sources ;-)
I assume I missed the point here. There's only one port of
OpenSSH-2.1.1p4 to Cygwin and it's the one I put on ftp.franken.de.
I changed it yesterday to ignore the uid when trying to use an
explicit port and to fix a bug in scp. The last one is a more important
problem so I suggest using that 2.1.1p4-2 version, nevertheless.
BTW: It has the "open pid file in binmode" fix as well...
I still hope to get the portable OpenSSH maintainers to merge the
Cygwin port in their official build tree but as I mentioned in an
earlier posting they aren't that enthusiastic. I hope they aren't
convinced that "Windows sucks" is a valid argument as it's usual
in some other projects.
> Will this work for other users with uid 0, too ?
> I don't think so, but you know a lot more about NT
> security than me.
It works for each `normal' user on NT now since NT doesn't restrict
well known port access to a privileged sort of user. And it works
for each Cygwin uid now ;-)
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:cygwin@sources.redhat.com
Red Hat, Inc.
mailto:vinschen@cygnus.com
--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com