This is the mail archive of the cygwin-apps@cygwin.com mailing list for the Cygwin project.



Re: [RFC] Globally creating a user and a group "root"


At 12:33 PM 11/12/2003 +0100, Corinna Vinschen wrote:
>On Wed, Nov 12, 2003 at 05:37:33AM -0500, Pierre A. Humblet wrote:
>> At 10:56 AM 11/12/2003 +0100, Corinna Vinschen wrote:
>> >On Tue, Nov 11, 2003 at 01:22:50PM -0500, Pierre A. Humblet wrote:
>> >> It autodetects if it is privileged and, if so, setgid(544) & setuid(18)
>> >> to normalize its environment (that was done with Windows 2003 in mind).
>> >
>> >I don't understand.  You were the one who figured out the 2003 problem
>> >with the SYSTEM account.  So, erm...
>> 
>> Not sure what you mean. Recall that when we setuid(18) we use the privileges
>> that are defined for SYSTEM in security.cc, not those that MS assigns on
>> 2003.
>
>I don't understand the "that was done with Windows 2003 in mind".
>Setting the uid to 18 in exim seems counterproductive in that environment.

The problem I was addressing is that on 2003 users create a privileged
account with an arbitrary uid (up to now). On the other hand Exim (which is
suid on a real Unix system) enters a restricted mode if the uid isn't a 
predefined hard coded value (0 on Unix, 18 in Cygwin). So I have a front
end that setuid to 18 if the real user is privileged. The main exim code only 
sees 18 and behaves without restrictions. 
   
>
>> By introducing the root user on 2003 we are undoing positive steps taken by
>> MS. 
>
>Well, I don't see these steps as positive.  To me it looks like healing
>the effect, not the cause.  From my point of view, the whole authentication
>problems and the missing suid/sgid bit concept are a design flaw.  YMMV.

OK, perhaps positive isn't the right word. But what MS did does increase
security. 

Pierre

