Hi,


there's a change made to 4.4p1, which gave some irritation on the Cygwin
mailing list. It's a change from 20060907:

- (djm) [sshd.c auth.c] Set up fakepw() with privsep uid/gid, so it can
be used to drop privilege to; fixes Solaris GSSAPI crash reported by
Magnus Abrante; suggestion and feedback dtucker@
NB. this change will require that the privilege separation user must
exist on all the time, not just when UsePrivilegeSeparation=yes

This fix for a Solaris specific problem forces everyone - even
non-Solaris users - to have a sshd account on the system.

This leaves behind users which have no admin access to their boxes and
just want to start a private sshd which allows to logon with their own
account.

Looking into the source code it looks like this patch was never meant
to be something other than temporary:

struct passwd *
fakepw(void)
{
[...]
fake.pw_uid = (uid_t)-1;
fake.pw_gid = (gid_t)-1;
fake.pw_uid = privsep_pw->pw_uid;
fake.pw_gid = privsep_pw->pw_gid;

So my question, are there plans to get this working as before at least
for non-Solaris users?


Thanks,
Corinna

--
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://lists.mindrot.org/mailman/lis...enssh-unix-dev