This is the mail archive of the
mailing list for the Cygwin project.
Re: [ITP] libsuexec 1.0
- From: Achim Gratz <Stromeko at nexgo dot de>
- To: cygwin-apps at cygwin dot com
- Date: Sat, 16 Aug 2014 12:50:22 +0200
- Subject: Re: [ITP] libsuexec 1.0
- Authentication-results: sourceware.org; auth=none
- References: <53EF10B3 dot A1BC4FBE at boland dot nl> <87fvgweqau dot fsf at Rainer dot invalid> <20140816104011 dot GT28562 at calimero dot vinschen dot de>
Corinna Vinschen writes:
>> So if I'm a member of the administrators group those programs will use
>> administrative rights while delivering mail to my inbox even though they
>> don't need to? That doesn't sound desirable to me in any way.
> No, they won't. The lib just converts the uid of the current user to 0
> within the application to keep it blissfully ignorant. This allows to
> run applications claiming uid 0 is something special from SYSTEM or
> cyg_server as service, without the need to patch the sources. It's
> not exactly a bad idea for such services if it makes them work, I think.
Good, I haven't checked the sources so I'll believe it. Actually I've
been thinking before that maybe it was a good idea to map group 544 to
euid 0 (so that shells would be showing # as prompt without extra
nudging), but I came to the conclusion that it probably makes more
trouble than it's worth. Maybe I revisit that question some timeâ
But anyway, I stick to my earlier assessment that this functionality
should be incorporated into applications that need it on the source
level, gnulib-style. That shim is small emough so that the resulting
duplication doesn't matter. I can't think of a good reason to have that
as a DLL on the other hand (other than if you'd wanted to shim at
runtime, which is IMHO a bad idea).
> Postfix for Cygwin would be *so* nice. Sigh. It would also be nice to
> get Exim running on 64 bit. But either way, sendmail is still kind of a
> de-facto standard, so it's not bad to get it into the distro, just as
> Fedora comes with sendmail, postfix, exim, etc. Choice is good.
The idea of exposing that server to the world doesn't sound exactly
appealing to me. But yes, choice is good. :-)
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+
Factory and User Sound Singles for Waldorf Blofeld: