This is the mail archive of the
mailing list for the Cygwin project.
Re: openssh: privilege separation no longer supported on Cygwin?
- From: Marco Atzeri <marco dot atzeri at gmail dot com>
- To: cygwin at cygwin dot com
- Date: Mon, 29 May 2017 10:39:28 +0200
- Subject: Re: openssh: privilege separation no longer supported on Cygwin?
- Authentication-results: sourceware.org; auth=none
- References: <firstname.lastname@example.org>
On 29/05/2017 07:23, Houder wrote:
Privilege separation in sshd defaults to "sandbox" (as far as
I understand, "openssh" has implemented a new mechanism).
... now I remember Corinna writing, that 'sandbox will not be
an option for Cygwin' ... or words to that effect.
Does this mean, that under Cygwin, privilege separation is no
... because, that is, I think, what I am seeing:
- the userid of child sshd is still 'cyg_server' ...
- and I get an elevated shell when I login ...
Not what I expected ...
please read the last Announcement
* This release deprecates the sshd_config UsePrivilegeSeparation
option, thereby making privilege separation mandatory. Privilege
separation has been on by default for almost 15 years and
sandboxing has been on by default for almost the last five.
It seems you misunderstood the communication:
- the possibility to NOT use "privilege separation" is deprecated
- "privilege separation" will became mandatory
Problem reports: http://cygwin.com/problems.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple