This is the mail archive of the cygwin-apps mailing list for the Cygwin project.



Re: uw-imap-imapd: suggestions for cyg_server issue


At 06:11 PM 2/11/2010, Shaddy Baddah wrote:
Hi Pierre,

On 11/02/2010 10:39 PM, Pierre A. Humblet wrote:
The problem you will run into is that 544 can be changed (e.g. to 0).
It's better to learn it dynamically.
The following is from the cron package source code.
<snip>

Thanks for that. Yes, I have a similar patch I made in my experimental
branch. I make one, IMO, slightly stronger assumption (than having a
fixed RID) that enables the check to be all POSIX.

I assume that the correct SID is always in the password field for both
passwd and group. I then search these files for the SIDs of SYSTEM
user and Administrators group. The checks from there are the same.

The problem with this patch is, for consistency, I would have had to
do the same for checkpw() in imap-2007/src/osdep/unix/ckp_cyg.c,
which also assumes SYSTEM RID. This had two problems, a) increased
complexity, b) my method to eliminate cyg_server is to eliminate
Administrators. Firstly, I wouldn't be able to check for this using
pure POSIX, as I don't get the luxury of getgroups() until after the
user is logged in. Secondly, many users are in the Administrators
group. It would not do to eliminate them from logging in. I would need
some other heuristic to detect the cyg_server user (if I want to avoid
a known names list, like csih helper).

Thanks,
Shaddy

PS: Respectfully, you may want to do
http://cygwin.com/acronyms/#PCYMTNQREAIYR to avoid the below
situation. Thanks in advance.

Sorry for not removing your e-mail address, I try not to forget.
I don't know imap nor the consequences of "performing the emulation" when it's not required,
just avoiding using a fixed 544.


A stronger test would be to get the privileges, but I don't know how to do that with Posix.
Perhaps we could add a cygwin_internal() call to detect that, if it's really necessary.


A Posix but somewhat cumbersome test would be to seteuid to any other existing uid (e.g. system).
If it succeeds, it's privileged and you can setuid back to what you started from.
Just brainstorming....


Pierre


