This is the mail archive of the
mailing list for the Cygwin project.
Re: Updated: OpenSSH-4.4p1-1
Charles Wilson wrote:
Corinna Vinschen wrote:
On Oct 11 16:20, Wells, Roger K. wrote:
When I installed this my previous installation broke and now the sshd
server stops immediately when it is started. Any hints will be
Maybe that's it: http://cygwin.com/ml/cygwin/2006-10/msg00250.html
This is bad. Suppose I am a cygwin user on a machine to which I do not
have Administrator privileges. Until now, I could run a personal sshd
on a unique port, and connect back to my windows box. Now I can't --
because, as a non-Admin, I can't create the sshd user. (and this use
case is not a hypothetical; I do this on the job often)
It sounds like this is a technique that would be usable on platforms
other than Cygwin, as well.
I consider this a regression -- and what's worse, IMO the patch that
imposed this new requirement is dead wrong. Here's a fuller quote of
the offending section of the changelog:
- (djm) [sshd.c auth.c] Set up fakepw() with privsep uid/gid, so it can
be used to drop privilege to; fixes Solaris GSSAPI crash reported by
Magnus Abrante; suggestion and feedback dtucker@
NB. this change will require that the privilege separation user must
exist on all the time, not just when UsePrivilegeSeparation=yes
My translation: even when UsePrivilegeSeparation=no we are STILL going
to use privsep. And this misfeature will be imposed across all
platforms, just to fix a crash on one platform when using one optional
Not nice, not nice at all.
So you're taking it up with the ssh developers (or 'dtucker'), right?
"What's Cygwin?" you ask.
'Tis mostly absurd software
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html