openssh: privilege separation no longer supported on Cygwin?

Marco Atzeri marco.atzeri@gmail.com
Mon May 29 09:22:00 GMT 2017


On 29/05/2017 07:23, Houder wrote:
> Hi,
>
> Privilege separation in sshd defaults to "sandbox" (as far as
> I understand, "openssh" has implemented a new mechanism).
>
> ... now I remember Corinna writing, that 'sandbox will not be
> an option for Cygwin' ... or words to that effect.
>
> Does this mean, that under Cygwin, privilege separation is no
> longer possible?
>
> ... because, that is, I think, what I am seeing:
>
>  - the userid of child sshd is still 'cyg_server' ...
>  - and I get an elevated shell when I login ...
>
> Not what I expected ...
>
> Gr. Henri
>

Hi Houder,
please read the last Announcement

https://sourceware.org/ml/cygwin-announce/2017-03/msg00028.html

* This release deprecates the sshd_config UsePrivilegeSeparation
    option, thereby making privilege separation mandatory. Privilege
    separation has been on by default for almost 15 years and
    sandboxing has been on by default for almost the last five.


It seems you misunderstood the communication:
- the possibility to NOT use "privilege separation" is deprecated
- "privilege separation" will become mandatory

Regards
Marco

