[PATCH] Cygwin: rel 3.0 drops requirement for privileged non-SYSTEM account
Corinna Vinschen
vinschen at redhat.com
Tue Feb 19 01:01:52 AEDT 2019

On Feb 17 10:02, Corinna Vinschen wrote:
> On Feb 17 14:47, David Newall wrote:
> > On 16/2/19 11:51 pm, Corinna Vinschen wrote:
> > > Seteuid now creates user token using S4U. We don't create a token
> > > from scratch anymore, so we don't need the "Create a process token"
> > > privilege. The service can run under SYSTEM again.
> >
> > It seems like your patch breaks OpenSSH on Windows Vista, Server 2003, and
> > possibly others. I oppose changes that needlessly break systems.
>
> - Windows 2003 isn't supported by Cygwin anymore
>
> - S4U has been introduced with Windows 2003
>
> - Vista is newer than Windows 2003

But then again...

...it turns out that Microsoft apparently did not implement S4U for
non-domain machines on the WOW64 32 bit emulation layer on 64 bit
machines. So if somebody is running a 32 bit Cygwin on a 64 bit
Windows, pubkey authentication for local machine accounts is broken.

Oh well.

I withdraw this patch for now.

Corinna

--
Corinna Vinschen
Cygwin Maintainer
Red Hat