The eternal uid issue
Corinna Vinschen
corinna-cygwin@cygwin.com
Thu Jul 24 13:52:00 GMT 2014
On Jul 24 08:52, D. Boland wrote:
> In your previous mail, you propose the following function to check for 'root'
> privileges, which an upstream maintainer could put in his code:
>
> int
> is_admin (uid_t uid)
> {
> #ifdef __CYGWIN__
> return [getgrouplist(uid, ...) contains group 544];
> #else [other platform]
> return [different test];
> #else
> return uid == 0;
> #endif
> }
>
> But this only introduces a new function which she has to put into multiple locations
> of the original code. So again, why not just modify the 'getuid' function in
> cygwin1.dll to return '0' if the current user is actually SYSTEM or one of the
> administrators?
>
> Then you have rock-solid emulation. I would not have to modify a single line of
> code.
You're kidding, right? What about code like this:
struct stat st;
stat("foo", &st);
if (st.st_uid != getuid ())
/*error*/
else
/*do something*/
I'm not saying that this is overly elegant coding, but just as you
expect that getuid() returns 0 for any admin, other applications will
expect that getuid() reflects reality.
Why don't you just override getuid in your application to serve the
applications needs?
#ifdef __CYGWIN__
#define getuid() CYG_getuid()
#endif
[...]
#ifdef __CYGWIN__
#undef getuid
uid_t
CYG_getuid ()
{
/* Return 0 for any admin user. */
if (/*getgroups() contains group 544*/)
return 0;
return getuid ();
}
But be careful. Just because there are multiple users with admin
permissions, that doesn't mean they all want their mail in the same
mailbox for user 0...
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin/attachments/20140724/9fd6778c/attachment.sig>
More information about the Cygwin
mailing list