This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Logging-in using ssh elevates the user privilege.

From: Takashi Yano <takashi dot yano at nifty dot ne dot jp>
To: cygwin at cygwin dot com
Date: Thu, 7 Mar 2019 19:08:05 +0900
Subject: Re: Logging-in using ssh elevates the user privilege.
Dkim-filter: OpenDKIM Filter v2.10.3 conssluserg-06.nifty.com x27A81Js025951
References: <20190307010000.fc28b73739c2dd66e609982b@nifty.ne.jp> <20190306161504.GZ3785@calimero.vinschen.de> <20190306161731.GA3785@calimero.vinschen.de>

Hi Corinna,

On Wed, 6 Mar 2019 17:17:31 +0100 Corinna Vinschen wrote:
> > This is by design, and this is no new behaviour.  As soon as an admin
> > account logs in, seteuid uses the elevated token.  Cygwin is doing that
> > since 2015.
> 
> Actually, since 2010.
> 
> > After all, from an ssh session there would be *no* chance to run
> > administrative tasks if the user would only get a non-elevated token.
> > There's no way to switch to the elevated token from an ssh session.

I understood. It seems better to remove administrator privileges
from users who are normally used, even under UAC feature.

-- 
Takashi Yano <takashi.yano@nifty.ne.jp>

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

References:
- Logging-in using ssh elevates the user privilege.
  - From: Takashi Yano
- Re: Logging-in using ssh elevates the user privilege.
  - From: Corinna Vinschen
- Re: Logging-in using ssh elevates the user privilege.
  - From: Corinna Vinschen

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]