Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
Markus Kuehni wrote: > Background: > Cygwin sshd seems to use a "imperfect" Windows impersonation when using RSA > key authentication so cvsnt still gets "SYSTEM" when calling GetUserName() > in win32getlogin(). > The patch tells getcaller() routine to use the $LOGNAME or $USER environment > variable if getlogin() which calls win32getlogin() returns "SYSTEM". > According to its description, getcaller() is only used for non-critical > stuff such as the $Author substitution. So the patch should in no way affect > security. On the other hand, maybe it would even be save to patch > win32getlogin() generally. It's better to patch win32getlogin as it's a win32 specific problem. I like the idea of checking for "SYSTEM" as it's better than previous solutions. > BTW, does the "imperfect impersonation" of sshd otherwise adversely affect > cvsnt operation? I'm not sure. From a CVSNT point of view it's what we used to use all the time anyway (still do on NT4). However 99% certain it won't work in Win2003, and possibly not in XP SP2 (I've only tested in Win2003 and was unable to get it to work - the CreateToken privilege is now reserved for a very limited subset of processes). http://groups.google.com/groups?threadm=g6ppev8pvl1q2e95c4ma7sgaabrr52n6ov%404ax.com Tony