This is the mail archive of the cygwin@sources.redhat.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]

Re: [Re: OpenSSH2.1.1p4 - NT to NT: Problem]


norbert.bladt@usa.net wrote:
> >  Change your /etc/passwd file on the client box so that the
> >  administrator (or your favorite admins member name) has uid 0.
> >  This should allow that admin to use a privileged port when
> >  starting ssh.
> Works ad advertised, i.e. after changing the uid of the
> administrator on the client side to 0 it works.
> Because that was the only change in /etc/passwd I did,
> the user on the server side is reported as "everyone" because
> this user is first in the /etc/passwd on the client side and
> has the uid 0 - as created by mkpasswd.

This prevents everyone one the server side machine to use privileged
ports, including the admin. But that's no problem anymore since I
updated the OpenSSH port on ftp.franken.de as announced yesterday.

> Thanks for this "solution".
> I thought about the other "fix" you mentioned in your
> previous E-Mail. But this seems to be a better way of doing
> it, because we don't have to maintain another derivative of
> a derivative of a derivative of the original OpenBSD sources ;-)

I assume I missed the point here. There's only one port of
OpenSSH-2.1.1p4 to Cygwin and it's the one I put on ftp.franken.de.
I changed it yesterday to ignore the uid when trying to use an
explicit port and to fix a bug in scp. The last one is a more important
problem so I suggest using that 2.1.1p4-2 version, nevertheless.
BTW: It has the "open pid file in binmode" fix as well...

I still hope to get the portable OpenSSH maintainers to merge the
Cygwin port in their official build tree but as I mentioned in an
earlier posting they aren't that enthusiastic. I hope they aren't
convinced that "Windows sucks" is a valid argument as it's usual
in some other projects.

> Will this work for other users with uid 0, too ?
> I don't think so, but you know a lot more about NT
> security than me.

It works for each `normal' user on NT now since NT doesn't restrict
well known port access to a privileged sort of user. And it works
for each Cygwin uid now ;-)

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                        mailto:cygwin@sources.redhat.com
Red Hat, Inc.
mailto:vinschen@cygnus.com


--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]