Possible Security Hole in SSHD w/ CYGWIN?

Erik Soderquist ErikSoderquist@gmail.com
Thu Feb 18 17:10:00 GMT 2016


On Thu, Feb 18, 2016 at 10:12 AM, Corinna Vinschen wrote:
<snip>
>
> I implemented and tested the idea and it seems to work.  Note that the
> underlying problem that we can't generate our own login session when using
> method 1 persists.  However, the new code should avoid spilling cyg_server
> credentials into the user session.
>
> Please give the new Cygwin test release 2.5.0-0.4
> (https://cygwin.com/ml/cygwin-announce/2016-02/msg00023.html) a try.

I've installed the test release and am no longer able to reproduce the
issue; I get the expected "access denied" on all network shares as I
should on this test account.  (pub key auth, no password stored with
"passwd -R")

:)

-- Erik

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


