This is the mail archive of the
cygwin-developers@cygwin.com
mailing list for the Cygwin project.
Re: exec after seteuid
On Sat, Jun 07, 2003 at 03:34:56PM -0400, Pierre A. Humblet wrote:
> I was just thinking about the security implications. For example
> login uses seteuid. With the change, the shell would still start
> with ruid = 18, and a simple RevertToSelf would bring privileges
> back. I think (all ?) shells setuid(geteuid()), but in Cygwin the
> change wouldn't really be effective until the next exec.
> Perhaps it would be safer to have login and such use setuid.
I just had a look into the current login.c implementation on NetBSD.
It is using setuid/setgid. Actually it's using setusercontext(3)
but with all options set which implies setuid/setgid. Yes, using
only seteuid/setegid in login has to be considered an error which
just didn't matter so far.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:cygwin@cygwin.com
Red Hat, Inc.