This is the mail archive of the cygwin-apps@cygwin.com mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [RFC] Globally creating a user and a group "root"

From: "Pierre A. Humblet" <Pierre dot Humblet at ieee dot org>
To: cygwin-apps at cygwin dot com
Date: Wed, 12 Nov 2003 05:37:33 -0500
Subject: Re: [RFC] Globally creating a user and a group "root"
References: <3.0.5.32.20031111132250.008396a0@verizon.net><20031111155248.GB25311@redhat.com><20031111124648.GR18706@cygbert.vinschen.de><20031111155248.GB25311@redhat.com><3.0.5.32.20031111132250.008396a0@verizon.net>

At 10:56 AM 11/12/2003 +0100, Corinna Vinschen wrote:
>On Tue, Nov 11, 2003 at 01:22:50PM -0500, Pierre A. Humblet wrote:
>> This indeterminacy might cause headaches during the transition period,
>> it's hard to foresee all ramifications.
>
>I'm running my system for at least a year with two group entries,
>root:S-1-5-32-544:0: and admin:S-1-5-32-544:544: and I never saw any
>negative influence.  It's the same group from the Windows point of view
>so no problems from that side.  It's basically just another name and gid
>for the same user.

Exim can be quite picky about permissions. If it expects 544 it won't be
happy with 0. But I will fix all that in the next release.
 
>> This being said, exim shouldn't care as long as 544 maps to S-1-5-32-544.
>> It autodetects if it is privileged and, if so, setgid(544) & setuid(18)
>> to normalize its environment (that was done with Windows 2003 in mind).
>
>I don't understand.  You were the one who figured out the 2003 problem
>with the SYSTEM account.  So, erm...

No sure what you mean. Recall that when we setuid(18) we use the privileges
that are defined for SYSTEM in security.cc, not those that MS assigns on 2003.

>> In summary, no problem (AFAICS) if 544 appears before 0. I need a decent
>> transition period before you reverse the order (affects only new
>> exim installs), and a long one before you get rid of 544 (affects existing
>> installations).  
>
>IMHO we should not wait too long.  At one point we must do it anyway
>and it's easy to make the transition for the user: just upgrade Cygwin
>and the affected packages.  It's no step which actually destroys
>anything but it will help all 2003 users and also users of other systems
>since the new "root" account would circumvent any permission problems.
>If a new Windows requires new privileges to do the really interesting
>stuff, just add them to "root" and you're done.  Knock on wood...

I agree.

>Anyway, I think we should add "root/0" to /etc/group so that it comes
>before the "administrators/544" entry right from the beginning.  What
>happens in an exim installation then?

Actually it works just fine, and both 544 and 0 appear in id.
Patting myself on the back :)

I have one extra comment: Cygwin introduces a number of security holes,
which I have started to plug. The fixes to the biggest ones
(PROCESS_DUP_HANDLE)
seem to be stalled, and there are still a number of other patches to come.
By introducing the root user on 2003 we are undoing positive steps taken by
MS. 
We should warn the user of the current privilege escalation risk.

Pierre

Follow-Ups:
- Re: [RFC] Globally creating a user and a group "root"
  - From: Corinna Vinschen

References:
- Re: [RFC] Globally creating a user and a group "root"
  - From: Pierre A. Humblet
- Re: [RFC] Globally creating a user and a group "root"
  - From: Christopher Faylor
- [RFC] Globally creating a user and a group "root"
  - From: Corinna Vinschen
- Re: [RFC] Globally creating a user and a group "root"
  - From: Corinna Vinschen

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]