This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Updated: OpenSSH-4.4p1-1


Corinna Vinschen wrote:
On Oct 11 16:20, Wells, Roger K. wrote:
When I installed this my previous installation broke and now the sshd
server stops immediately when it is started.  Any hints will be
appreciated.
thanks

Maybe that's it: http://cygwin.com/ml/cygwin/2006-10/msg00250.html

This is bad. Suppose I am a cygwin user on a machine to which I do not have Administrator privileges. Until now, I could run a personal sshd on a unique port, and connect back to my windows box. Now I can't -- because, as a non-Admin, I can't create the sshd user. (and this use case is not a hypothetical; I do this on the job often)


I consider this a regression -- and what's worse, IMO the patch that imposed this new requirement is dead wrong. Here's a fuller quote of the offending section of the changelog:

 - (djm) [sshd.c auth.c] Set up fakepw() with privsep uid/gid, so it can
   be used to drop privilege to; fixes Solaris GSSAPI crash reported by
   Magnus Abrante; suggestion and feedback dtucker@
   NB. this change will require that the privilege separation user must
   exist on all the time, not just when UsePrivilegeSeparation=yes

My translation: even when UsePrivilegeSeparation=no we are STILL going to use privsep. And this misfeature will be imposed across all platforms, just to fix a crash on one platform when using one optional authentication component.

Not nice, not nice at all.

--
Chuck


-- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]