This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Possible Security Hole in SSHD w/ CYGWIN?


On Feb 18 12:10, Erik Soderquist wrote:
> On Thu, Feb 18, 2016 at 10:12 AM, Corinna Vinschen wrote:
> <snip>>
> > I implemented and tested the idea and it seems to work.  Note that the
> > underlying problem that we can't generate our own login session when using
> > method 1 persists.  However, the new code should avoid spilling cyg_server
> > credentials into the user session.
> >
> > Please give the new Cygwin test release 2.5.0-0.4
> > (https://cygwin.com/ml/cygwin-announce/2016-02/msg00023.html) a try.
> 
> I've installed the test release and am no longer able to reproduce the
> issue; I get the expected "access denied" on all network shares as I
> should on this test account.  (pub key auth, no password stored with
> "passwd -R")
> 
> :)

Thanks for testing, I really appreciate that.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

Attachment: signature.asc
Description: PGP signature


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]