This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Updated: OpenSSH-4.4p1-1

Charles Wilson wrote:
Corinna Vinschen wrote:
On Oct 11 16:20, Wells, Roger K. wrote:
When I installed this my previous installation broke and now the sshd
server stops immediately when it is started.  Any hints will be

Maybe that's it:

This is bad. Suppose I am a cygwin user on a machine to which I do not have Administrator privileges. Until now, I could run a personal sshd on a unique port, and connect back to my windows box. Now I can't -- because, as a non-Admin, I can't create the sshd user. (and this use case is not a hypothetical; I do this on the job often)

It sounds like this is a technique that would be usable on platforms other than Cygwin, as well.

I consider this a regression -- and what's worse, IMO the patch that imposed this new requirement is dead wrong. Here's a fuller quote of the offending section of the changelog:

 - (djm) [sshd.c auth.c] Set up fakepw() with privsep uid/gid, so it can
   be used to drop privilege to; fixes Solaris GSSAPI crash reported by
   Magnus Abrante; suggestion and feedback dtucker@
   NB. this change will require that the privilege separation user must
   exist on all the time, not just when UsePrivilegeSeparation=yes

My translation: even when UsePrivilegeSeparation=no we are STILL going to use privsep. And this misfeature will be imposed across all platforms, just to fix a crash on one platform when using one optional authentication component.

Not nice, not nice at all.

So you're taking it up with the ssh developers (or 'dtucker'), right?

"What's Cygwin?" you ask.
'Tis mostly absurd software
Concerning hippos.

-- Unsubscribe info: Problem reports: Documentation: FAQ:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]