Updated: OpenSSH-4.4p1-1
Charles Wilson
cygwin@cwilson.fastmail.fm
Fri Oct 13 15:21:00 GMT 2006
Corinna Vinschen wrote:
> On Oct 11 16:20, Wells, Roger K. wrote:
>> When I installed this my previous installation broke and now the sshd
>> server stops immediately when it is started. Any hints will be
>> appreciated.
>> thanks
>
> Maybe that's it: http://cygwin.com/ml/cygwin/2006-10/msg00250.html
This is bad. Suppose I am a cygwin user on a machine to which I do not
have Administrator privileges. Until now, I could run a personal sshd
on a unique port, and connect back to my windows box. Now I can't --
because, as a non-Admin, I can't create the sshd user. (and this use
case is not a hypothetical; I do this on the job often)
I consider this a regression -- and what's worse, IMO the patch that
imposed this new requirement is dead wrong. Here's a fuller quote of
the offending section of the changelog:
- (djm) [sshd.c auth.c] Set up fakepw() with privsep uid/gid, so it can
be used to drop privilege to; fixes Solaris GSSAPI crash reported by
Magnus Abrante; suggestion and feedback dtucker@
NB. this change will require that the privilege separation user must
exist on all the time, not just when UsePrivilegeSeparation=yes
My translation: even when UsePrivilegeSeparation=no we are STILL going
to use privsep. And this misfeature will be imposed across all
platforms, just to fix a crash on one platform when using one optional
authentication component.
Not nice, not nice at all.
--
Chuck
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
More information about the Cygwin
mailing list