This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

RE: Possible Security Hole in SSHD w/ CYGWIN?


Hmm, storing the password in the registry would probably not be optimal... I
would probably rather deal with lack of network share access from SSH
sessions than store a plaintext password (haven't tested it so I can't say
for sure, but since I see no mention of encrypting or hashing the password
I'm guessing it is stored in plaintext)...

For authenticated access within a session, I would think it would be better
if the user was prompted to enter their password when attempting to access a
share, similar to what happens when attempting to access a share via Windows
Explorer (if you don't already have access with your currently logged on
credentials). I think based on everything I've found out this would be the
best solution to this scenario for SSH users that log in using key
authentication.

And to your second point, that is also what I would expect, is that if
anything there would be NO network access, rather than access based on the
account that the sshd process is running as, regardless of its access.
However what I gathered from Achim's message is that the access level of
cyg_server is precisely the reason the user would have network share access
with that account's privileges.

Thanks,

David

-----Original Message-----
From: cygwin-owner@cygwin.com [mailto:cygwin-owner@cygwin.com] On Behalf Of
Erik Soderquist
Sent: Saturday, February 13, 2016 4:34 PM
To: cygwin@cygwin.com
Subject: Re: Possible Security Hole in SSHD w/ CYGWIN?

On Sat, Feb 13, 2016 at 4:15 PM, David Willis  wrote:
<snip>
> So you're telling me any user that logs in using key authentication 
> cannot access the network as the same user (i.e. this is the intended 
> behavior)? If that's the case wouldn't it be better not to allow 
> network access at ALL, rather than allowing it as the service account that
sshd is running as?

Responding to only this one piece at present

from https://cygwin.com/cygwin-ug-net/passwd.html

{{
-R, --reg-store-pwd      enter password to store it in the registry for
                           later usage by services to be able to switch
                           to this user context with network credentials.
}}
{{
Don't use this feature if you don't need network access within a remote
session.  You can delete your stored password by using `passwd -R' and
specifying an empty password.
}}

Since there are explicit instructions on how to store your Windows password
in a way that Cygwin sshd (and other Cygwin services) can use the password
for network authentication and that it says not to store the credentials if
you do not need network access when authenticating via public key, I would
make the logical assumptions that

#1: authenticated network access is supposed to be possible inside a public
key authenticated ssh session

#2: without storing the password as described, I should have no network
access at all, not the cyg_server account's network access (regardless of
how much or little access the cyg_server account has).

<snip>

-- Erik


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]