exec after seteuid

Corinna Vinschen cygwin-patches@cygwin.com
Mon Jun 9 16:36:00 GMT 2003

On Mon, Jun 09, 2003 at 11:14:56AM -0400, Pierre A. Humblet wrote:
> Don't drop the setegid()!!!! seteuid(new user) would see the gid of system 
> (which can be 544 or 18 in old installs), which may not be in the token
> created from login with password. If it's not, a new (passwordless) 
> token will be created. If you run with 544 you won't see that bad behavior.

Btw., if that's true, it's a bug, IMHO.  It undermines the job,
cygwin_set_impersonation_token() is designed for.  If a passwordy
token is given, it should be used if the uid given to seteuid32()
corresponds to the SID in the token.  If the gid is taken into
account too strictly, there's no clean way to switch back and forth
between the privileged and the unprivileged account multiple times
w/o changing the source code of the application each time, the
set(e)?[gu]id is called.  Basically the code would have to be changed


in all applications doing this.


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.

More information about the Cygwin-patches mailing list