This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: login: no shell: /bin/bash: Permission denied

From: Andrew DeFaria <Andrew at DeFaria dot com>
To: cygwin at cygwin dot com
Date: Wed, 06 Mar 2002 13:56:07 -0800
Subject: Re: login: no shell: /bin/bash: Permission denied
Newsgroups: gmane.os.cygwin
Organization: Salira Optical Networks
References: <m3eliylhc2.fsf@appel.lilypond.org> <20020306101433.P13590@cygbert.vinschen.de> <3C866A0B.6040500@DeFaria.com> <20020306213202.C13590@cygbert.vinschen.de>

Corinna Vinschen wrote:

> On Wed, Mar 06, 2002 at 11:12:11AM -0800, Andrew DeFaria wrote:
> 
>>You imply that somebody has the ability to change user context! If so 
>>then who is that somebody (USER)?
>>
> 
> I have to tell that each week (day?) again, apparently.  It's SYSTEM.

Sorry, I saw that the very next post. So then is it possible to login(1) 
as SYSTEM then use login(1) to switch user? Probably not because you 
(i.e. not the other user nor SYSTEM) can't use login to switch user to 
SYSTEM.

OK then, seems to me that su might be implementable by using a service 
that runs as SYSTEM and takes requests to switch user from user A to 
user B. Possible?

>>It's my understanding that the only thing(s) that use login are things 
>>like telnet/rlogin/rsh.
>>
>>Frustrated by the lack of su(1M)!
>>
> 
> Did you ever try to understand NT security?  

Only briefly I glanced over it. Honestly I do not wish to be an NT 
security expert.

> Otherwise you would
> know know the cause for this restriction.  It's exceptionally not
> because we're mean!

Did I say you were mean?

> 
>>Oh, BTW, here's a potential security problem:
>>
>>$ rsh hosta id
>>uid=1370(adefaria) gid=513(Domain Users) groups=0(Everyone),512(Domain 
>>Admins),513(Domain 
>>Users),1170(Everybody),1382(ITSupport),1354(Operations),1331(Software)
>>$ rsh hosta -l otheruser id
>>uid=1269(otheruser) gid=513(Domain Users) groups=0(Everyone),513(Domain 
>>Users),1203(Engineering),1170(Everybody),2171(Product Team),1215(Service 
>>Group),1331(Software),1298(TDM Group)
>>
>> How did I rsh as another user and not be prompted for a password?
>>
> 
> Because you have an .rhosts file?  I assume you know how rsh
> works on U*X systems, don't you?

No need to get condesending here Corinna! I know how rsh works! My first 
shot at it had a ~/.rhosts file but just before I posted I said to 
myself that I should verify this is still a problem without a ~/.rhosts 
so I moved it aside and reproduced exactly the same problem.

Regardless, to me it's still would be a large security hole if all one 
needs to do is:

$ echo "+" > ~/.rhosts

to be able to abuse rsh to do something under somebody else's user ID is 
it not?

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Follow-Ups:
- Re: login: no shell: /bin/bash: Permission denied
  - From: Peter Buckley
- Re: login: no shell: /bin/bash: Permission denied
  - From: Corinna Vinschen

References:
- login: no shell: /bin/bash: Permission denied
  - From: Jan Nieuwenhuizen
- Re: login: no shell: /bin/bash: Permission denied
  - From: Corinna Vinschen
- Re: login: no shell: /bin/bash: Permission denied
  - From: Andrew DeFaria
- Re: login: no shell: /bin/bash: Permission denied
  - From: Corinna Vinschen

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]