Security patches

Corinna Vinschen
Wed May 15 05:22:00 GMT 2002

On Mon, May 13, 2002 at 11:25:09PM -0400, Pierre A. Humblet wrote:
> Hello Corinna,
> This is the third installment. It fixes:
> 1) non-cygwin child processes always get the correct primary group
> 2) tighter check of whether an existing token should be reused
> 3) impersonated tasks now have access to their own token

What applications did you use for testing?  Just curious...

> There is another set of changes I'd like to make to address 
> two issues:
> [...]
> I don't know the history and motivation of this design, but
> it doesn't seem that clean. I would propose instead one of 

It is not that clean but the history is only a rudimentary
support of groups at all.  It was difficult enough to learn
how to change user context w/o password at all and how to
manipulate a token in a useful way.  No doubt, it's somewhat

> 1) when ntsec is off, setuid() succeeds while doing almost nothing.
> The danger is that a privileged process will never give up
> its privileges.
> 2) setuid() and setgid() return in error on NT if ntsec isn't set.
> 3) no matter ntsec, setuid() / setgid() behave basically as they do 
> today when ntsec is set. They fail if the passwd file doesn't contain SIDs. 
> I would vote for 3, not seeing the advantage of 2.
> What's your opinion?

I agree. 3) is the way to go.  I've no example handy but switching
to 2) might break apps which work fine on the command line otherwise.

I'm looking through your patches (including today's
update).  I will apply them perhaps tomorrow, trying to understand
them first.


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                      
Red Hat, Inc.
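
The danger named in option 1 of the quoted proposal, a setuid() that returns success while changing almost nothing, can be caught by the caller. The following is an added example, not part of the original message or of the Cygwin sources; it assumes POSIX semantics in which uid 0 is the superuser, and the function names are hypothetical.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Return 1 only if real and effective IDs all equal the requested ones. */
int ids_match(uid_t uid, gid_t gid)
{
    return getuid() == uid && geteuid() == uid &&
           getgid() == gid && getegid() == gid;
}

/* Drop to uid/gid and verify the drop instead of trusting the return codes.
 * Returns 0 on a verified drop, -1 otherwise.  Supplementary groups are
 * not handled here. */
int drop_privileges_verified(uid_t uid, gid_t gid)
{
    /* Group first: after setuid() the process may no longer be allowed
     * to change its gid. */
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;

    /* A setuid()/setgid() that returned 0 without switching is caught here. */
    if (!ids_match(uid, gid))
        return -1;

    /* Assumption: uid 0 is the superuser.  An unprivileged target must
     * not be able to get it back. */
    if (uid != 0 && setuid(0) == 0)
        return -1;

    return 0;
}

int main(void)
{
    /* Constructed demo: "drop" to the IDs the process already has, so the
     * program runs without privileges.  A real daemon would pass the
     * IDs of its service account. */
    if (drop_privileges_verified(getuid(), getgid()) != 0) {
        fprintf(stderr, "privilege drop not verified, aborting\n");
        return 1;
    }
    printf("running as uid=%ld gid=%ld\n", (long)getuid(), (long)getgid());
    return 0;
}
```

A caller that treats any non-zero result as fatal never continues with privileges it believed it had given up.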

More information about the Cygwin-patches mailing list