openssh: privilege separation no longer supported on Cygwin? SURPRISE!
Houder
houder@xs4all.nl
Tue May 30 03:49:00 GMT 2017
On 2017-05-29 21:57, Andrey Repin wrote:
> Greetings, Houder!
>
>> - however, the userid of the grandchild of the sshd listener, is
>> STILL
>> cyg_server ... NOT sshd!
>
> Exactly. cyg_server is the user which does impersonation.
> You've been told that when you've been setting up your host.
http://www.citi.umich.edu/u/provos/ssh/privsep.html
https://security.stackexchange.com/questions/115896/can-someone-explain-how-sshd-does-privilege-separation
https://cygwin.com/ml/cygwin/2017-05/msg00468.html
>> As if the "sshd" account is NEVER, NEVER used during the _whole_
>> process
>> (that is, there is NO privilege separation, as far as I can tell).
>
> As far as it is documented.
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
More information about the Cygwin
mailing list