[Bug 2885] New: sshd is not using chroot and privsep on default cygwin install any more

[bugzilla-daemon at bugzilla.mindrot.org]

https://bugzilla.mindrot.org/show_bug.cgi?id=2885

            Bug ID: 2885
           Summary: sshd is not using chroot and privsep on default cygwin
                    install any more
           Product: Portable OpenSSH
           Version: 7.7p1
          Hardware: Other
                OS: Cygwin on NT/2k/W7/W8/W10
            Status: NEW
          Severity: security
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: Christian.Lupien at USherbrooke.ca

I think that since commit d13281f2964abc5f2e535e1613c77fc61b0c53e7
sshd under cygwin is no longer using privsep by default.

I was trying to test which sshd account the program was using for
privsep (I had a local and a domain sshd account). However I was unable
to see any use of it (nor any errors). I looked at the "ps -a" output,
also at the output of "sshd -d -d -d" and even tried strace but could
not find it anywhere.

I then looked at the code. Most the places in the code where
  getuid() == 0
is used it the code is special cased for cgywin but the change
introduced by the commit d13281f2964abc5f2e535e1613c77fc61b0c53e7 did
not.

Therefore, privsep under cygwin seems to be disabled unless the account
under which sshd is executed is forced to have uid=0 (by changing the
/etc/passwd file).

I did try the forcing uid=0 in the passwd file and that worked (I saw
the sshd account being used and chroot executed.)

I have not tried modifying the code and recompiling it but probably
replacing (part of line 1734)
  getuid() == 0 || geteuid() == 0
with
  platform_privileged_uidswap()
would work.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.