This is the mail archive of the cygwin-developers@sources.redhat.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]

Re: login-1.3 can't work on the recent snapshots.


On Wed, Jul 19, 2000 at 09:54:14PM +0200, Corinna Vinschen wrote:
>Chris Faylor wrote:
>> I'm not sure why it is a problem even for when child == myself,
>> actually.
>
>The below code could produce that (from spawn_guts):
>
>==== SNIP ====
>      /* Remove impersonation */
>      uid_t uid = geteuid();
>      if (myself->impersonated && myself->token != INVALID_HANDLE_VALUE)
>        seteuid (myself->orig_uid);
>
>      /* Set child->uid to USHRT_MAX to force calling
>internal_getlogin()
>         from child process. Set psid to NULL to play it safe. */
>      child->uid = USHRT_MAX;
>      child->psid = NULL;
>
>      rc = CreateProcessAsUser (...);
>
>      /* Restore impersonation */
>      if (myself->impersonated && myself->token != INVALID_HANDLE_VALUE)
>        seteuid (uid);
>==== SNAP ====
>
>Assuming that myself==child, the last part (restoring the impersonation)
>would be able to influence the child. The child would get a uid which
>is the wrong one and additionally forbids calling internal_getlogin.
>Hmm.

Ok.  So, it seems like you just don't need to do the second seteuid when
mode == _P_OVERLAY .  Right?

cgf

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]