This is the mail archive of the cygwin-developers@sources.redhat.com mailing list for the Cygwin project.



Re: login-1.3 can't work on the recent snapshots.


Chris Faylor wrote:
> 
> On Wed, Jul 19, 2000 at 09:03:36PM +0200, Corinna Vinschen wrote:
> >Chris Faylor wrote:
> >>
> >> On Thu, Jul 20, 2000 at 01:36:17AM +0900, Kazuhiro Fujieda wrote:
> >> >>>> On 05 Jul 2000 23:28:46 +0900
> >> >>>> Kazuhiro Fujieda <fujieda@jaist.ac.jp> said:
> >> >
> >> >> The login-1.3 of the net release seems not to work with the
> >> >> recent snapshots. I tested it with inetutils-1.3.2-4 under
> >> >> WinNT4 Sp6a and the latest snapshot.
> >> >>
> >> >> When I connected with in.telnetd, I was able to find the
> >> >> following message. But I couldn't start the remote session,
> >> >> because bash.exe spawned by login.exe was choked by the system
> >> >> error of "The application failed to initialize properly (0xc0000022).".
> >> >
> >> >I managed to find the cause of this problem.
> >> >
> >> >spawn_guts can modify values referred by `child', even though
> >> >there is a case where `child' == `myself'.
> >>
> >> Is this when spawn_guts is called to 'exec[lv]p?()' something?
> >
> >I don't understand then, why my impersonation stuff works at all.
> >All typical applications using that technique are using exec(),
> >not spawn().
> >
> >login-1.3 is still using `sexec..()' of course.
> 
> I'm not sure why it is a problem even for when child == myself,
> actually.

The below code could produce that (from spawn_guts):

==== SNIP ====
      /* Remove impersonation */
      uid_t uid = geteuid();
      if (myself->impersonated && myself->token != INVALID_HANDLE_VALUE)
        seteuid (myself->orig_uid);

      /* Set child->uid to USHRT_MAX to force calling internal_getlogin()
         from child process. Set psid to NULL to play it safe. */
      child->uid = USHRT_MAX;
      child->psid = NULL;

      rc = CreateProcessAsUser (...);

      /* Restore impersonation */
      if (myself->impersonated && myself->token != INVALID_HANDLE_VALUE)
        seteuid (uid);
==== SNAP ====

Assuming that myself==child, the last part (restoring the impersonation)
would be able to influence the child. The child would get a uid which
is the wrong one and additionally forbids calling internal_getlogin.
Hmm.

Corinna

-- 
Corinna Vinschen
Cygwin Developer
Cygnus Solutions, a Red Hat company
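Added illustration, not part of the thread and not Cygwin's sources: a small C model of the aliasing Corinna describes. The struct `pinfo_model`, the function names `model_seteuid`, `simulate_spawn`, `child_uid_separate` and `child_uid_aliased`, the 16-bit uid (inferred from the use of USHRT_MAX), and the sample uid values are all assumptions of this demo. It replays the quoted spawn_guts sequence once with distinct `myself` and `child` records and once with `child == myself`, and returns the uid the child record holds after "restore impersonation": USHRT_MAX means the child would still call internal_getlogin(); anything else means the sentinel was clobbered.

```c
/* Model of the `child == myself' aliasing problem discussed in the thread.
   Everything here (names, field set, 16-bit uid, sample values) is a
   constructed assumption for illustration, not Cygwin's real code. */
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Minimal stand-in for the process-info record that `myself' and `child'
   point to in spawn_guts. */
struct pinfo_model {
    unsigned short uid;      /* effective uid recorded for the process */
    unsigned short orig_uid; /* uid before impersonation was set up */
    int impersonated;        /* non-zero while an impersonation token is active */
    void *psid;              /* cached SID; NULL forces a fresh lookup */
};

/* Model of seteuid(): it records the new effective uid in the caller's own
   process record (assumption: that is how the quoted code's restore step
   reaches `myself->uid'). */
static void model_seteuid(struct pinfo_model *self, unsigned short uid)
{
    self->uid = uid;
}

/* Replays the quoted spawn_guts sequence and returns the uid that the child
   record holds once impersonation has been restored.  USHRT_MAX means the
   child will call internal_getlogin(); any other value means it will not. */
unsigned short simulate_spawn(struct pinfo_model *myself, struct pinfo_model *child)
{
    unsigned short uid = myself->uid;            /* geteuid() */
    if (myself->impersonated)
        model_seteuid(myself, myself->orig_uid); /* remove impersonation */

    child->uid = USHRT_MAX;                      /* sentinel for the child */
    child->psid = NULL;

    /* CreateProcessAsUser (...) would run here */

    if (myself->impersonated)
        model_seteuid(myself, uid);              /* restore impersonation */
    return child->uid;
}

/* spawn() case: parent and child have separate records. */
unsigned short child_uid_separate(void)
{
    struct pinfo_model parent = { 1000, 500, 1, (void *) &parent }; /* constructed */
    struct pinfo_model kid = { 0, 0, 0, NULL };
    return simulate_spawn(&parent, &kid);
}

/* exec() case: `child' is the very same record as `myself'. */
unsigned short child_uid_aliased(void)
{
    struct pinfo_model self = { 1000, 500, 1, (void *) &self }; /* constructed */
    return simulate_spawn(&self, &self);
}

int main(void)
{
    printf("separate records: child uid = %u (sentinel is %u)\n",
           child_uid_separate(), (unsigned) USHRT_MAX);
    printf("aliased records:  child uid = %u (sentinel lost if != %u)\n",
           child_uid_aliased(), (unsigned) USHRT_MAX);
    return 0;
}
```

In the separate case the child keeps USHRT_MAX and will look its uid up itself; in the aliased case the restore step writes the parent's impersonated uid (1000 here) over the sentinel, so the exec'd image inherits that uid and never calls internal_getlogin(), which is the behaviour Corinna's message predicts.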
