This is the mail archive of the mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: ntsec+inetd+cvspserver (was CVS PServer problem)

On Wed, Jan 30, 2002 at 10:46:48AM -0000, Phil Dempster wrote:
> Hi folks,
> I've managed to get CVS pserver running on Win2K (ntsec) and am in the
> process of preparing some documentation for it.  I'm trying to grasp just
> how the user ID switching works when CVS is spawned from inetd.
> I've found that it is not necessary to specify the user as `root' in
> inetd.conf, for example `Guest' will suffice.
> #/etc/inetd.conf
> cvspserver stream tcp nowait Guest /usr/bin/cvs
> cvs -f --allow-root=/usr/local/cvsroot pserver
> I'd hoped that would make it a lot harder for anyone with malicious intent
> to gain access via pserver.  However, I'm not convinced that isn't a bogus
> assumption.  Does anything spawned from inetd run as the same uid as inetd
> itself (i.e. System)?

Heck, why did I wrote /usr/doc/inetutils-1.3.2.README and what are
the announcements good for?  Since version 1.3.2-15 we have the
following (quoted):

      In inetd, allow to start services now as the user given in
      the /etc/inetd.conf service entry.  The user `root' is
      treated special since it doesn't trigger a user context
      switch.  Example:

	ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd

      doesn't trigger a user context switch, the ftp daemon
      will run under SYSTEM account while in

	ftp stream tcp nowait john_doe /usr/sbin/in.ftpd in.ftpd

      inetd will try to run the ftp daemon under the `john_doe'
      account.  This will fail if the account `john_doe' isn't
      correctly set up in /etc/passwd and /etc/group.  However,
      wrong user entries or failed user context switches are
      logged in the NT event log so it should be easy to debug.


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                      
Red Hat, Inc.

Unsubscribe info:
Bug reporting:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]