bash/rlogin can get user id different from NT login.

Corinna Vinschen
Sat Dec 8 04:40:00 GMT 2001

On Fri, Dec 07, 2001 at 05:20:58PM -0500, Fletcher, Bob (GEAE, EB&TS) wrote:
> Hello,
> 	Consider the following passwd under cygwin: (1.3.)
> user1:This_field_is_not_used_by_cygwin_on_nt/2000/xp:1001:513:User One:/home/user1:/bin/bash
> user2:This_field_is_not_used_by_cygwin_on_nt/2000/xp:1001:513:User Two:/home/user2:/bin/bash
> 	Note that user1 and user2 have the same UID. (!)
> If I log in to W2000 as user2, and start bash, it thinks that I am user1.
> If user1 was silly enough to
> myhostname  user1
>      or god forbid
> + user1
> in a Unix .rhosts file, I will have access to that account.

That's a problem of rhosts authentication.  It's a wide open
security leak.  Better use ssh with password or pubkey authentication.

> I suppose that the simple answer is "don't do that!". You have to keep


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                      
Red Hat, Inc.
