This is the mail archive of the cygwin-apps@cygwin.com mailing list for the Cygwin project.



Re: [RFC] Globally creating a user and a group "root"


On Wed, Nov 12, 2003 at 05:37:33AM -0500, Pierre A. Humblet wrote:
> At 10:56 AM 11/12/2003 +0100, Corinna Vinschen wrote:
> >On Tue, Nov 11, 2003 at 01:22:50PM -0500, Pierre A. Humblet wrote:
> >> It autodetects if it is privileged and, if so, setgid(544) & setuid(18)
> >> to normalize its environment (that was done with Windows 2003 in mind).
> >
> >I don't understand.  You were the one who figured out the 2003 problem
> >with the SYSTEM account.  So, erm...
> 
> Not sure what you mean. Recall that when we setuid(18) we use the privileges
> that are defined for SYSTEM in security.cc, not those that MS assigns on 2003.

I don't understand the "that was done with Windows 2003 in mind".
Setting the uid to 18 in exim seems counterproductive in that environment.

> >Anyway, I think we should add "root/0" to /etc/group so that it comes
> >before the "administrators/544" entry right from the beginning.  What
> >happens in an exim installation then?
> 
> Actually it works just fine, and both 544 and 0 appear in id.
> Patting myself on the back :)

Cool :-)

> I have one extra comment: Cygwin introduces a number of security holes,
> which I have started to plug. The fixes to the biggest ones
> (PROCESS_DUP_HANDLE) seem to be stalled, and there are still a number of
> other patches to come.

I've tested your patch already a while ago and it seemed to work fine.
It's Chris's call.

> By introducing the root user on 2003 we are undoing positive steps taken by
> MS. 

Well, I don't see these steps as positive.  To me it looks like healing
the effect, not the cause.  From my point of view, the whole authentication
problems and the missing suid/sgid bit concept are a design flaw.  YMMV.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.

