This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Logging-in using ssh elevates the user privilege.

From: Corinna Vinschen <corinna-cygwin at cygwin dot com>
To: cygwin at cygwin dot com
Date: Wed, 6 Mar 2019 17:17:31 +0100
Subject: Re: Logging-in using ssh elevates the user privilege.
References: <20190307010000.fc28b73739c2dd66e609982b@nifty.ne.jp> <20190306161504.GZ3785@calimero.vinschen.de>
Reply-to: cygwin at cygwin dot com

On Mar  6 17:15, Corinna Vinschen wrote:
> On Mar  7 01:00, Takashi Yano wrote:
> > Hello,
> > 
> > I would like to report a problem of recent cygwin.
> > 
> > If a user logs in via ssh, the user aqcuires the elevated
> > privilege if the user belongs to Administrators group.
> 
> This is by design, and this is no new behaviour.  As soon as an admin
> account logs in, seteuid uses the elevated token.  Cygwin is doing that
> since 2015.

Actually, since 2010.

> 
> After all, from an ssh session there would be *no* chance to run
> administrative tasks if the user would only get a non-elevated token.
> There's no way to switch to the elevated token from an ssh session.


Corinna

-- 
Corinna Vinschen
Cygwin Maintainer

Attachment: signature.asc
Description: PGP signature

Follow-Ups:
- Re: Logging-in using ssh elevates the user privilege.
  - From: Takashi Yano

References:
- Logging-in using ssh elevates the user privilege.
  - From: Takashi Yano
- Re: Logging-in using ssh elevates the user privilege.
  - From: Corinna Vinschen

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]