Re: [PATCH] Cygwin: rel 3.0 drops requirement for privileged non-SYSTEM account

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Feb 17 10:02, Corinna Vinschen wrote:
> On Feb 17 14:47, David Newall wrote:
> > On 16/2/19 11:51 pm, Corinna Vinschen wrote:
> > > Seteuid now creates user token using S4U.  We don't create a token
> > > from scratch anymore, so we don't need the "Create a process token"
> > > privilege.  The service can run under SYSTEM again.
> > 
> > It seems like your patch breaks OpenSSH on Windows Vista, Server 2003, and
> > possibly others.  I oppose changes that needlessly break systems.
> 
> - Windows 2003 isn't supported by Cygwin anymore
> 
> - S4U has been introduced with Windows 2003
> 
> - Vista is newer than Windows 2003

But then again...

...it turns out that Microsoft apparently did not implement S4U for
non-domain machines on the WOW64 32 bit emulation layer on 64 bit
machines.  So if somebody is running a 32 bit Cygwin on a 64 bit
Windows, pubkey authentication for local machine accounts is broken.

Oh well.

I withdraw this patch for now.


Corinna

-- 
Corinna Vinschen
Cygwin Maintainer
Red Hat

Attachment: signature.asc
Description: PGP signature

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux