This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Logging-in using ssh elevates the user privilege.

From: Corinna Vinschen <corinna-cygwin at cygwin dot com>
To: cygwin at cygwin dot com
Date: Wed, 6 Mar 2019 17:15:04 +0100
Subject: Re: Logging-in using ssh elevates the user privilege.
References: <20190307010000.fc28b73739c2dd66e609982b@nifty.ne.jp>
Reply-to: cygwin at cygwin dot com

On Mar  7 01:00, Takashi Yano wrote:
> Hello,
> 
> I would like to report a problem of recent cygwin.
> 
> If a user logs in via ssh, the user aqcuires the elevated
> privilege if the user belongs to Administrators group.

This is by design, and this is no new behaviour.  As soon as an admin
account logs in, seteuid uses the elevated token.  Cygwin is doing that
since 2015.

After all, from an ssh session there would be *no* chance to run
administrative tasks if the user would only get a non-elevated token.
There's no way to switch to the elevated token from an ssh session.

Corinna

-- 
Corinna Vinschen
Cygwin Maintainer

Attachment: signature.asc
Description: PGP signature

Follow-Ups:
- Re: Logging-in using ssh elevates the user privilege.
  - From: Corinna Vinschen

References:
- Logging-in using ssh elevates the user privilege.
  - From: Takashi Yano

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]