This is the mail archive of the cygwin-developers@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: exec after seteuid


On Sat, Jun 07, 2003 at 03:34:56PM -0400, Pierre A. Humblet wrote:
> I was just thinking about the security implications. For example
> login uses seteuid. With the change, the shell would still start
> with ruid = 18, and a simple RevertToSelf would bring privileges 
> back. I think (all ?) shells setuid(geteuid()), but in Cygwin the 
> change wouldn't really be effective until the next exec.
> Perhaps it would be safer to have login and such use setuid.

I just had a look into the current login.c implementation on NetBSD.
It is using setuid/setgid.  Actually it's using setusercontext(3)
but with all options set which implies setuid/setgid.  Yes, using
only seteuid/setegid in login has to be considered an error which
just didn't matter so far.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]