This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Possible Security Hole in SSHD w/ CYGWIN?


On 9 February 2016 at 21:39, David Willis <david_willis@comcast.net> wrote:
> Just to add an update to this, it appears that processes run from the shell
> while logged into the CYGWIN SSHD server are run as the correct user - i.e.
> I run a ping or cat a file and pipe it to less, and check Task Manager on
> the SSHD server, and those processes show as being run as the user I SSH'd
> in as, the way it should be.
>
> So it looks like this bug is specifically when accessing files or directory
> contents. I literally run a "ls -l" command from the local CYGWIN shell on
> the SSHD server, against a file share that I have no access to, and get a
> permission denied. I run the exact same command, SSH'd into that same box as
> the same user against the same file share, and this time I can list the
> directory contents. Same results with "cat"ing files in those directories.
> What gives?
>
> Any help on this VERY much appreciated!!!
>

In general, you need to be able to cut and paste the errors you are
seeing versus using words to describe them. There are several
different things that what you are describing could look like so
without that extra data it is hard to figure out how to duplicate what
you might be seeing.

-- 
Stephen J Smoogen.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]