Web lists-archives.com

Logging-in using ssh elevates the user privilege.




Hello,

I would like to report a problem of recent cygwin.

If a user logs in via ssh, the user aqcuires the elevated
privilege if the user belongs to Administrators group.

The following log is the example of the behaviour.

[yano@Express5800-S70 ~]$ touch /cygdrive/c/windows/testfile
touch: cannot touch '/cygdrive/c/windows/testfile': Permission denied
[yano@Express5800-S70 ~]$ ssh localhost
yano@localhost's password:
Last login: Thu Mar  7 00:06:21 2019 from ::1
CYGWIN_NT-10.0-WOW Express5800-S70 3.0.2(0.338/5/3) 2019-03-05 19:01 i686 Cygwin
[yano@Express5800-S70 ~]$ touch /cygdrive/c/windows/testfile
[yano@Express5800-S70 ~]$ rm /cygdrive/c/windows/testfile
[yano@Express5800-S70 ~]$ exit
logout
Connection to localhost closed.
[yano@Express5800-S70 ~]$

Because of this behaviour, the process started in a ssh
session cannot be killed from a normal mintty session.

This also causes gnu screen to freeze.

To reproduce this:
(1) Start screen in mintty window.
(2) Detatch from the screen (Ctrl-A d).
(3) Login via ssh.
(4) Attach screen by 'screen -r' in ssh session.
(5) Detach from the screen (Ctrl-A d).
(6) screen freezes and is not terminated normally.

This does not occur if the user does not belong to
Administrators group.

I guess this is a problem of setuid codes.

-- 
Takashi Yano <takashi.yano@xxxxxxxxxxx>

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple