This is the mail archive of the cygwin-patches@cygwin.com mailing list for the Cygwin project.



Re: Corinna or Pierre please comment? [jason@tishler.net: Re: setuid


On Fri, Jul 19, 2002 at 10:42:58AM -0400, Pierre A. Humblet wrote:
> Right, I had not considered that. However it's a moot point 
> because create_token is only called from seteuid, which checks
> that pgrpsid isn't NULL (same for usersid). So we can go three ways:
> - apply the patch and move on.
> - go all the way and remove the test for NULL pgrpsid 
>     (we don't check NULL usersid either)
> - go back to the way it was, either I produce a new patch or I revert
>     that part later.

I've chosen the first one and applied your patch.

> It's fine. The idea (see old mail) is that if the pgrpsid is special because 
> setgid has set a gid that is not in passwd nor in the aux groups, nor in
> the Windows equivalents, (this happens e.g. with mailers setgid to the 
> "mail" group), then the token has more rights than what the user
> normally has when she logs in. verify_token is then stricter
> with that token.
> The same kind of issues, just more complicated, occur with setgroups().
> I will revisit the whole thing.

Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.

