Possible Security Hole in SSHD w/ CYGWIN?

Corinna Vinschen corinna-cygwin@cygwin.com
Fri Feb 19 11:10:00 GMT 2016


On Feb 18 12:10, Erik Soderquist wrote:
> On Thu, Feb 18, 2016 at 10:12 AM, Corinna Vinschen wrote:
> <snip>
> > I implemented and tested the idea and it seems to work.  Note that the
> > underlying problem that we can't generate our own login session when using
> > method 1 persists.  However, the new code should avoid spilling cyg_server
> > credentials into the user session.
> >
> > Please give the new Cygwin test release 2.5.0-0.4
> > (https://cygwin.com/ml/cygwin-announce/2016-02/msg00023.html) a try.
> 
> I've installed the test release and am no longer able to reproduce the
> issue; I get the expected "access denied" on all network shares as I
> should on this test account.  (pub key auth, no password stored with
> "passwd -R")
> 
> :)

Thanks for testing, I really appreciate that.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat