exec after seteuid

Pierre A. Humblet Pierre.Humblet@ieee.org
Mon Jun 9 15:13:00 GMT 2003

Corinna Vinschen wrote:

> > Are you running with gid 544 by any chance?
> Argh, yes.
> > What I saw in login.exe while stracing my patch was
> > setegid(513)
> > seteuid(new user) <= uses token from login with password
> > seteuid(18)       <= creates a new token, discards token from login
> > seteuid(new user) <= creates new token.
> > If the first setegid was a 544, the seteuid(18) would reuse the process
> > token and the final seteuid() would use the token from the login with
> > passwd.
> Oh boy :-(  So I have to upload another version of login which drops the
> call to setegid() entirely.  Switching back to uid 18 the just reverts
> to self and the last call to setgid/setuid uses the logon token.

Don't drop the setegid()!!!! seteuid(new user) would see the gid of system 
(which can be 544 or 18 in old installs), which may not be in the token
created from login with password. If it's not, a new (passwordless) 
token will be created. If you run with 544 you won't see that bad behavior.

The right way is to save the system gid (as you save the system uid), and then

1) setegid(user_gid), seteuid(user_gid).
Do the chdir

Later to do the utmp piece, 
2) setegid(saved_gid), setegid(saved_uid)   (this goes back to the process token)

3)setgid(user_gid), setuid(user_uid).

Any initgroups() should/could go between 2 and 3.

More information about the Cygwin-patches mailing list