This is the mail archive of the cygwin-developers@cygwin.com mailing list for the Cygwin project.



Re: Windows 2003


On Fri, Jul 11, 2003 at 08:44:10AM -0400, Igor Pechtchanski wrote:
> On Fri, 11 Jul 2003, Corinna Vinschen wrote:
> 
> > On Thu, Jul 10, 2003 at 05:05:55PM -0400, Pierre A. Humblet wrote:
> > > I just reread the CreateProcessAsUser page. We do a RevertToSelf, so
> > > we access the executable image in the security context of the caller.
> > > Accessing C:\cygwin\bin\bash.exe isn't the issue, the error message
> > > must be about some other path...
> >
> > I've just got it working with a non-SYSTEM user under which sshd is
> > running.  The problem was a still missing user privilege.  The user
> > starting sshd as service needs not only the "Create a token object"
> > but also the "Replace a process level token" privilege, otherwise
> > the CreateProcessAsUser fails.  After finding it, it suddenly is clear
> > why it didn't work.
> >
> > Corinna
> 
> I guess it pays to read your own documentation:
> <http://cygwin.com/cygwin-ug-net/ntsec.html#NTSEC-SETUID>... ;-)

Actually I was sure that Admins have this right by default.  Well...

> Should the above be updated with new privileges for Win2003, BTW?

Yes, that would probably make sense.  However, before changing the
documentation, we should consider how we want to go ahead in future.

Since SYSTEM is now not the right account anymore to do this sort of
stuff with and since we're just breaking things anyway (1.5.0-wise),
it would be good to redefine how we want to handle all these security
issues from now on.

Just as an example:  Currently SYSTEM's uid 18 is used as a root uid
and applications like cron or proftpd are relying on this uid being
SYSTEM or, at least, a privileged account.

OTOH, this is a bit of a nightmare when porting these applications
since it requires a careful examination of code, like, e.g.
`if (!uid) ...'.

So (still as example) what about changing this to uid 0?  Anybody
who needs to run service applications with special privileges should
run them under the uid 0 account.  The uid 0 account could be created
by a special script started from setup or from the command line.
There's nothing keeping us from creating a Windows account "root"
with Admin privileges plus all these dangerous "create token",
"replace token" and "act as part of the OS" privileges.  Then we
could use this one for all the dirty work.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.
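The message above names three user rights that a service account needs (or, in Corinna's words, "dangerous" privileges that should live on one dedicated account): "Create a token object" (SeCreateTokenPrivilege), "Replace a process level token" (SeAssignPrimaryTokenPrivilege) and "Act as part of the OS" (SeTcbPrivilege). A defender will want to know which accounts on a host actually hold them. The script below is an added example, not Cygwin code and not from the thread: it parses the `[Privilege Rights]` section of a security template as written by `secedit /export /cfg <file> /areas USER_RIGHTS`, reports the holders of those three rights, and tells whether a given account holds both rights the thread found necessary for CreateProcessAsUser. The INF text, the `sshd_server` account name and the resulting assignments are constructed for the example.

```python
"""Audit a secedit security template for the token privileges named in the thread.

Added example, not part of the Cygwin project. Input format is the INF file produced
by `secedit /export /cfg rights.inf /areas USER_RIGHTS`; SAMPLE_INF below is constructed.
"""
from typing import Dict, List, Set

# Real Windows privilege constant names for the rights the thread talks about.
SE_CREATE_TOKEN = "SeCreateTokenPrivilege"                 # "Create a token object"
SE_ASSIGN_PRIMARY_TOKEN = "SeAssignPrimaryTokenPrivilege"  # "Replace a process level token"
SE_TCB = "SeTcbPrivilege"                                  # "Act as part of the operating system"
SETUID_PRIVILEGES = (SE_CREATE_TOKEN, SE_ASSIGN_PRIMARY_TOKEN)
HIGH_RISK_PRIVILEGES = SETUID_PRIVILEGES + (SE_TCB,)

# Well-known SIDs, resolved only to make the report readable.
WELL_KNOWN_SIDS = {
    "S-1-5-18": "SYSTEM",
    "S-1-5-19": "LOCAL SERVICE",
    "S-1-5-20": "NETWORK SERVICE",
    "S-1-5-32-544": "Administrators",
}

# Constructed sample of a secedit export: a hypothetical 'sshd_server' account
# has been granted the two rights needed for CreateProcessAsUser, but not SeTcb.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeAssignPrimaryTokenPrivilege = *S-1-5-19,*S-1-5-20,sshd_server
SeCreateTokenPrivilege = sshd_server
SeTcbPrivilege =
SeServiceLogonRight = *S-1-5-20,sshd_server
[Version]
signature="$CHICAGO$"
Revision=1
"""


def parse_privilege_rights(text: str) -> Dict[str, List[str]]:
    """Return {privilege: [account, ...]} from the [Privilege Rights] section.

    secedit writes SIDs with a leading '*' and local account names bare; both
    forms are accepted. An empty right-hand side means nobody holds the right.
    """
    rights: Dict[str, List[str]] = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or INF comment
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
            continue
        if not in_section or "=" not in line:
            continue
        name, _, value = line.partition("=")
        accounts = [a.strip().lstrip("*") for a in value.split(",") if a.strip()]
        rights[name.strip()] = accounts
    return rights


def holders(rights: Dict[str, List[str]], privilege: str) -> Set[str]:
    """Accounts (SIDs or names, as exported) that hold one privilege."""
    return set(rights.get(privilege, []))


def can_create_process_as_user(rights: Dict[str, List[str]], account: str) -> bool:
    """True if `account` holds both rights the thread found CreateProcessAsUser needs."""
    return all(account in holders(rights, p) for p in SETUID_PRIVILEGES)


def audit(rights: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Map each high-risk privilege to its holders, with well-known SIDs resolved."""
    return {
        p: sorted(WELL_KNOWN_SIDS.get(a, a) for a in holders(rights, p))
        for p in HIGH_RISK_PRIVILEGES
    }


if __name__ == "__main__":
    parsed = parse_privilege_rights(SAMPLE_INF)
    for privilege, accounts in audit(parsed).items():
        print(f"{privilege:32s} {', '.join(accounts) or '(nobody)'}")
    print("sshd_server can CreateProcessAsUser:",
          can_create_process_as_user(parsed, "sshd_server"))
```

Run it against a real export by replacing `SAMPLE_INF` with the file contents (secedit writes UTF-16, so open the file with `encoding="utf-16"`). Any account listed under SeCreateTokenPrivilege or SeTcbPrivilege beyond the one dedicated service account is worth a second look, which is exactly the point of concentrating these rights on a single account as the message proposes.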
