This is the mail archive of the mailing list for the Cygwin project.

Re: bug report, question and suggestion

At 06:38 PM 12/30/01 +0100, Corinna Vinschen wrote:
>On Sun, Dec 30, 2001 at 11:26:15AM -0500, Pierre A. Humblet wrote:
>> At 11:15 PM 12/29/01 +0100, Corinna Vinschen wrote:

>> While I am at it, here is another weird observation:
>> base case above: prog reads some registry key. Succeeds.
>> cases 1 and 2: prog reads some registry key. Access denied.
>> But if xxx has admins privilege, prog can read the registry in 
>> cases 1 and 2...
>> Can this be explained somehow? It's all on a standalone Win2000.
>Hmm, some debugging would help here, perhaps.

Hi Corinna

Well, I had to learn a few things to track this one.
Please cc me directly. Sorry about the length. 
What follows was observed on NT 4, it's somewhat 
different on Windows 2000.
The keys are related to the perflib, e.g.
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Perflib\\009"
and others.

Initially I thought that the error 5 ERROR_ACCESS_DENIED
meant that, following setuid(), the user did not have
query access to the key, even though he could open it
without problems. This guess was wrong.

The real problem is that following setuid(), the ACL (not default 
ACL) of the impersonation token (which is inherited from the
default ACL of the process token) makes the impersonation
token non-accessible by its user
(normally the user has full access to its token,
and it seems that setuid() should preserve that).
ERROR_ACCESS_DENIED is thus generated when some Microsoft
code tries to access the token while getting the key.

This is demonstrated in the debug.out attachment where I print 
the impersonation token, try to access the key (fail), 
then clear the token ACL and succeed reading the key.

I tried to patch, without success.
In the attached diff file I set an acl (actually I
reuse your default ACL) in a security descriptor "sd".
sd is pointed to by your security attribute "sa", which
is passed to DuplicateTokenEx() in create_token(). 
I also added a new call to SetKernelObjectSecurity(),
for good measure.
This runs without errors, but nothing happens.
I have no idea why. Any help or suggestions will be 

Here are four other things I noticed:

1) If setuid(gid) is called with a gid that doesn't exist, the
system silently sets the gid to "administrators". That
is not fail safe! 
The problem is that getgrgid() never fails. It should
have a flag to tell it whether it should default or not. 
[The default is fine when specifying a SET_ACCESS ACE]

2) my_token isn't closed in create_token()

3) Why is it necessary to set the PrimaryGroup in the
process token in setegid()? (That can fail silently).
Is that field ever read? I thought that PrimaryGroup 
only needs to be set in impersonation tokens, so that 
seteuid() can decide if an existing token can be

4) If in "cygrunsrv -u user ..."  the Cygwin and Windows 
user names differ, then the process will have the wrong

Entry in passwd (note Cygwin name != Windows name)

/> cygrunsrv -I test -u mail -e CYGWIN=ntsec -p /a.exe
Enter password of user `.\mail': 
Reenter, please: 
/> cygrunsrv -S test
/> head /var/log/test.log
CYGWIN = ntsec USERNAME = UNDEF UID = 500 GID = 513 PID = 619
/******************* Token Start ****************************/
/******************* Token User */  
Mail PHumblet SidTypeUser                           <=== CORRECT USER
S-1-5-21-2127391503-1594901184-99485923-1002        <=== CORRECT SID
Changed entry in passwd

/> cygrunsrv -S test
/> head /var/log/test.log
CYGWIN = ntsec USERNAME = UNDEF UID = 1002 GID = 1005 PID = 654 <==
/******************* Token Start ****************************/
/******************* Token User */
Mail PHumblet SidTypeUser


Attachment: security.diff
Description: Text document

Attachment: debug.out
Description: Text document
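
The token ACL behaviour described in the message above, as an added example that is not part of the original post or of Cygwin: a portable C model of the Windows DACL walk applied to an impersonation token. The user SID, the contents of the inherited DACL (SYSTEM and Administrators only) and the reading of "clear the token ACL" as a NULL DACL are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define TOKEN_QUERY 0x0008u               /* TOKEN_QUERY as defined in winnt.h */
#define FULL        0xFFFFFFFFu           /* constructed "all rights" mask */
#define USER_SID    "S-1-5-21-0-0-0-1002" /* constructed SID of the setuid() target */
#define ADMINS_SID  "S-1-5-32-544"        /* BUILTIN\Administrators */
#define SYSTEM_SID  "S-1-5-18"            /* LocalSystem */

typedef struct { int deny; const char *sid; unsigned mask; } ace;
typedef struct { const ace *aces; size_t count; } dacl;

/* Model of the DACL walk: returns 1 if every bit in want is granted. */
int access_check(const dacl *d, const char *const *sids, size_t nsids, unsigned want)
{
    unsigned granted = 0;
    if (d == NULL) return 1;              /* no DACL at all: access is unrestricted */
    for (size_t i = 0; i < d->count; i++) {
        int match = 0;
        for (size_t j = 0; j < nsids; j++)
            if (strcmp(d->aces[i].sid, sids[j]) == 0) match = 1;
        if (!match) continue;             /* ACE names a SID the caller does not hold */
        if (d->aces[i].deny && (d->aces[i].mask & want & ~granted)) return 0;
        if (!d->aces[i].deny) granted |= d->aces[i].mask;
        if ((granted & want) == want) return 1;
    }
    return 0;                             /* empty or exhausted DACL: denied */
}

/* Assumed DACL inherited by the impersonation token, and a repaired variant. */
static const ace inherited_aces[] = { {0, SYSTEM_SID, FULL}, {0, ADMINS_SID, FULL} };
static const ace repaired_aces[]  = { {0, SYSTEM_SID, FULL}, {0, ADMINS_SID, FULL}, {0, USER_SID, FULL} };
static const dacl inherited = { inherited_aces, 2 };
static const dacl repaired  = { repaired_aces, 3 };

/* Can the impersonated user open its own token for TOKEN_QUERY? */
int user_can_query(const dacl *d, int is_admin)
{
    const char *const sids[2] = { USER_SID, ADMINS_SID };
    return access_check(d, sids, is_admin ? 2 : 1, TOKEN_QUERY);
}

int main(void)
{
    printf("inherited: plain=%d admin=%d\n", user_can_query(&inherited, 0), user_can_query(&inherited, 1));
    printf("cleared (NULL)=%d user ACE added=%d\n", user_can_query(NULL, 0), user_can_query(&repaired, 0));
    return 0;
}
```

Under these assumptions the model reproduces the pattern reported in the thread: the plain user is denied, an administrator is granted, and either removing the DACL or adding an ACE for the user grants access.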
