exec after seteuid

Corinna Vinschen cygwin-patches@cygwin.com
Mon Jun 9 12:11:00 GMT 2003


On Sun, Jun 08, 2003 at 05:32:56PM -0400, Pierre A. Humblet wrote:
> At 10:04 PM 6/7/2003 +0200, Corinna Vinschen wrote:
> >I just had a look into the current login.c implementation on NetBSD.
> >It is using setuid/setgid.  Actually it's using setusercontext(3)
> >but with all options set which implies setuid/setgid.  Yes, using
> >only seteuid/setegid in login has to be considered an error which
> >just didn't matter so far.
> 
> Corinna, 
> 
> here is the patch.
> 
> It seems to work fine but it requires login.exe changes. It's
> not just a question of security. ash does not setuid, while bash 
> setuid(getuid()), i.e. just the opposite of what we need.

I'm wondering why a shell should use setuid at all.  It's not the
task of the shell to do this, it's supposed under the environment
it gets.  So this is entirely the task of the processes which
eventually start a shell (login, rshd, sshd, etc.)

> While I was looking at the most recent login.c I saw that you have
> added a seteuid (priv_uid). Ideally, shouldn't it still be effective 
> while calling dolastlog()? It's weird that the Berkeley code didn't do

I've uploaded a new login which does that.

> that. There is also the issue raised by Takashi Yano on the list.

Which is not related to using the wrong token.  I've written something
on the cygwin ML.

I'm going to have a look into your patch now.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.



More information about the Cygwin-patches mailing list