[PATCH] Cygwin: Add SeTcbPrivilege to sshd_server user
Corinna Vinschen
vinschen at redhat.com
Thu Aug 31 02:47:52 EST 2006
Hi,
the below patch adds a Windows NT user right to the sshd_server user
which will be important in an upcoming version of Cygwin. I have a
preliminary implementation which solves the problem that native Windows
processes don't recognize the user name correctly, if the user has
logged in using public key authentication. The new mechanism requires
the SeTcbPrivilege for the user which changes the user context using
setuid. To keep the transition as smooth as possible, I'd like to give
the user this specific right rather early.
Could this be applied to config/cygwin/ssh-host-config before 4.4p1 is
released?
Thanks,
Corinna
Index: contrib/cygwin/ssh-host-config
===================================================================
RCS file: /cvs/openssh/contrib/cygwin/ssh-host-config,v
retrieving revision 1.19
diff -p -u -r1.19 ssh-host-config
--- contrib/cygwin/ssh-host-config 3 Mar 2006 21:50:32 -0000 1.19
+++ contrib/cygwin/ssh-host-config 30 Aug 2006 16:45:57 -0000
@@ -516,6 +516,7 @@ then
fi
editrights -a SeAssignPrimaryTokenPrivilege -u sshd_server &&
editrights -a SeCreateTokenPrivilege -u sshd_server &&
+ editrights -a SeTcbPrivilege -u sshd_server &&
editrights -a SeDenyInteractiveLogonRight -u sshd_server &&
editrights -a SeDenyNetworkLogonRight -u sshd_server &&
editrights -a SeDenyRemoteInteractiveLogonRight -u sshd_server &&
--
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat
More information about the openssh-unix-dev
mailing list