This is the mail archive of the
cygwin-patches
mailing list for the Cygwin project.
Re: [Patch] Allow to disable root privileges with CYGWIN=noroot
On Oct 11 22:45, Christian Franke wrote:
> Corinna Vinschen wrote:
>> Thanks for the patch. You did check that the normal setuid/seteuid
>> cases still work, didn't you?
>>
>>
>
> Yes.
Cool. I just tested it myself and it looks good.
>> What's wrong with:
>>
>> for i in $(id -G);
>> do
>> [ $i -eq 544 ] && PS1='# '
>> done
>>
>>
>
> Is OK, except if admin group is mapped to other gid (0?) in /etc/group.
It isn't in the default case. And it's important that there is a way
to handle this with simple POSIXy means.
> I removed the error check and set HANDLE_FLAG_INHERIT in seteuid32().
Oh, sure! That's much simpler than duplicating the token handle at
set_imp_token time.
>> Do I miss something or is the setuid_to_restricted flag equivalent to
>> the curr_token_is_restricted flag [...]
>
> setuid_to_restricted is only set in setuid32, not in seteuid32. If
> seteuid(geteuid()) is called, the behaviour is similar to the ruid != euid
> case: The exec()ed process can revert to the original token.
Ok, so I missed something, sorry.
> * include/sys/cygwin.h: Add new cygwin_getinfo_type
> CW_SET_EXTERNAL_TOKEN.
> Add new enum CW_TOKEN_IMPERSONATION, CW_TOKEN_RESTRICTED.
> * cygheap.h (cyguser): New flags ext_token_is_restricted,
> curr_token_is_restricted and setuid_to_restricted.
> * external.cc (cygwin_internal): Add CW_SET_EXTERNAL_TOKEN.
> * sec_auth.cc (set_imp_token): New function.
> (cygwin_set_impersonation_token): Call set_imp_token ().
> * security.h (set_imp_token): New prototype.
> * spawn.cc (spawn_guts): Use CreateProcessAsUserW if
> restricted token was enabled by setuid ().
> Do not create new window station in this case.
> * syscalls.cc (seteuid32): Add handling of restricted
> external tokens. Set HANDLE_FLAG_INHERIT for primary token.
> (setuid32): Set setuid_to_restricted flag.
> * uinfo.cc (uinfo_init): Do not reimpersonate if
> restricted token was enabled by setuid ().
> Initialize user.*_restricted flags.
Patch checked in.
Thanks for doing this. Would you have fun to provide a tool for the
net distro which uses this feature?
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader cygwin AT cygwin DOT com
Red Hat