Message-ID: <398FC8FE.A3FBFC0@cygnus.com>
Date: Tue, 08 Aug 2000 10:46:54 +0200
From: Corinna Vinschen
To: norbert DOT bladt AT usa DOT net
CC: cygwin
Subject: Re: [Re: OpenSSH2.1.1p4 - NT to NT: Problem]
References: <20000808060822 DOT 22936 DOT qmail AT nwcst316 DOT netaddress DOT usa DOT net>

norbert DOT bladt AT usa DOT net wrote:
> > Change your /etc/passwd file on the client box so that the
> > administrator (or your favorite admins member name) has uid 0.
> > This should allow that admin to use a privileged port when
> > starting ssh.
> Works as advertised, i.e. after changing the uid of the
> administrator on the client side to 0 it works.
> Because that was the only change in /etc/passwd I did,
> the user on the server side is reported as "everyone" because
> this user is first in the /etc/passwd on the client side and
> has the uid 0 - as created by mkpasswd.

This prevents everyone on the server side machine from using privileged
ports, including the admin. But that's no problem anymore since I
updated the OpenSSH port on ftp.franken.de as announced yesterday.

> Thanks for this "solution".
> I thought about the other "fix" you mentioned in your
> previous E-Mail. But this seems to be a better way of doing
> it, because we don't have to maintain another derivative of
> a derivative of a derivative of the original OpenBSD sources ;-)

I assume I missed the point here. There's only one port of
OpenSSH-2.1.1p4 to Cygwin and it's the one I put on ftp.franken.de.
I changed it yesterday to ignore the uid when trying to use an
explicit port and to fix a bug in scp. The last one is a more
important problem so I suggest using that 2.1.1p4-2 version,
nevertheless.

BTW: It has the "open pid file in binmode" fix as well...

I still hope to get the portable OpenSSH maintainers to merge
the Cygwin port in their official build tree but as I mentioned
in an earlier posting they aren't that enthusiastic. I hope they
aren't convinced that "Windows sucks" is a valid argument as it's
usual in some other projects.

> Will this work for other users with uid 0, too ?
> I don't think so, but you know a lot more about NT
> security than me.

It works for each `normal' user on NT now since NT doesn't restrict
well known port access to a privileged sort of user. And it works
for each Cygwin uid now ;-)

Corinna

--
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
mailto:vinschen AT cygnus DOT com
Please, send mails regarding Cygwin to mailto:cygwin AT sources DOT redhat DOT com