This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: The eternal uid issue


Hi Corinna,

Corinna Vinschen wrote:
> > But this only introduces a new function which she has to put into multiple locations
> > of the original code. So again, why not just modify the 'getuid' function in
> > cygwin1.dll to return '0' if the current user is actually SYSTEM or one of the
> > administrators?
> >
> > Then you have rock-solid emulation. I would not have to modify a single line of
> > code.
> 
> You're kidding, right?  

Haha. I must admit that I was not kidding. I got stuck with the idea that "there can
only be one". 

> What about code like this:
> 
>   struct stat st;
>   stat("foo", &st);
>   if (st.st_uid != getuid ())
>     /*error*/
>   else
>     /*do something*/
> 
> I'm not saying that this is overly elegant coding, but just as you
> expect that getuid() returns 0 for any admin, other applications will
> expect that getuid() reflects reality.
> 
> Why don't you just override getuid in your application to serve the
> applications needs?
> 
>   #ifdef __CYGWIN__
>   #define getuid()      CYG_getuid()
>   #endif
> 
>   [...]
> 
>   #ifdef __CYGWIN__
>   #undef getuid
>   uid_t
>   CYG_getuid ()
>   {
>     /* Return 0 for any admin user. */
>     if (/*getgroups() contains group 544*/)
>       return 0;
>     return getuid ();
>   }
> 
> But be careful.  Just because there are multiple users with admin
> permissions, that doesn't mean they all want their mail in the same
> mailbox for user 0...

Thanks for the overloading code. I already tested it. Now I can leave the Sendmail
code (almost) unchanged. Thanks also for the time you put into this. I hope the
RedHat people pay you well.

I have Sendmail ready to be released, but only the 'crude' version (running as an
admin user). I'd like to go for the preferred solution (starting as admin, switching
to unprivileged). The uid issue is sorted. But to get it there, I have one final
problem to solve.

Sendmail checks if the user's home directories are group- or world writable. It does
this with 'stat'. If Sendmail is running in 'crude' mode (main program and children
running as the Sendmail 'smmsp' user, made admin), stat returns the right file mode
for my home directory (rwxr-xr-x). The email is delivered.

If I have Sendmail running in preferred mode (main program as cyg_server, children
running as 'smmsp', removed from admin group), stat returns the wrong mode
(rwxrwxrwx). As a consequence, Sendmail refuses to deliver email.

Can I do anything about this?

Cincerely,
Daniel


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]