This is the mail archive of the cygwin-patches@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Corinna or Pierre please comment? [jason@tishler.net: Re: setuid


Corinna Vinschen wrote:

> Thanks but I don't see why you removed the call to get_user_primary_group().
> You now rely fully on /etc/passwd and /etc/group containing the correct
> information.  Before, prgpsid has been set to a value if it was NULL, now
> it's only used for checking.  This would result in
> 
>   pgrp.PrimaryGroup = NULL;
> 
> in the calling create_token() function.  Which probably results in
> a failing NtCreateToken() function.

Right, I had not considered that. However it's a moot point 
because create_token is only called from seteuid, which checks
that prgpsid isn't NULL (same for usersid). So we can go three ways:
- apply the patch and move on.
- go all the way and remove the test for NULL pgrpsid 
    (we don't check NULL usersid either)
- go back to the way it was, either I produce a new patch or I revert
    that part later.

> Another question.  Shouldn't this in create_token
<snip>
> better be change to
<snip>

It's fine. The idea (see old mail) is that if the pgrpsid is special because 
setgid has set a gid that is not in passwd nor in the aux groups, nor in
the Windows equivalents, (this happens e.g. with mailers setgid to the 
"mail" group), then the token has more rights than what the user
normally has when she logs in. verify_token is then stricter
with that token.
The same kind of issues, just more complicated, occur with setgroups().
I will revisit the whole thing.

Pierre


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]