This is the mail archive of the cygwin-patches@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: exec after seteuid


On Mon, Jun 09, 2003 at 11:14:56AM -0400, Pierre A. Humblet wrote:
> Don't drop the setegid()!!!! seteuid(new user) would see the gid of system 
> (which can be 544 or 18 in old installs), which may not be in the token
> created from login with password. If it's not, a new (passwordless) 
> token will be created. If you run with 544 you won't see that bad behavior.

Btw., if that's true, it's a bug, IMHO.  It undermines the job,
cygwin_set_impersonation_token() is designed for.  If a passwordy
token is given, it should be used if the uid given to seteuid32()
corresponds to the SID in the token.  If the gid is taken into
account too strictly, there's no clean way to switch back and forth
between the privileged and the unprivileged account multiple times
w/o changing the source code of the application each time, the
set(e)?[gu]id is called.  Basically the code would have to be changed
to

	cygwin_set_impersonation_token()
	seteuid(unpriv_uid);
	...
	seteuid(priv_uid);
	...
	cygwin_set_impersonation_token()
	setuid(unpriv_uid);

in all applications doing this.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]