Date: Fri, 19 Feb 2016 12:10:06 +0100
From: Corinna Vinschen
To: cygwin AT cygwin DOT com
Subject: Re: Possible Security Hole in SSHD w/ CYGWIN?
Message-ID: <20160219111006.GB18354@calimero.vinschen.de>

On Feb 18 12:10, Erik Soderquist wrote:
> On Thu, Feb 18, 2016 at 10:12 AM, Corinna Vinschen wrote:
> >
> > I implemented and tested the idea and it seems to work. Note that the
> > underlying problem that we can't generate our own login session when using
> > method 1 persists. However, the new code should avoid spilling cyg_server
> > credentials into the user session.
> >
> > Please give the new Cygwin test release 2.5.0-0.4
> > (https://cygwin.com/ml/cygwin-announce/2016-02/msg00023.html) a try.
>
> I've installed the test release and am no longer able to reproduce the
> issue; I get the expected "access denied" on all network shares as I
> should on this test account. (pub key auth, no password stored with
> "passwd -R")
>
> :)

Thanks for testing, I really appreciate that.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat