This is the mail archive of the cygwin-patches mailing list for the Cygwin project.



Re: [Patch] Allow to disable root privileges with CYGWIN=noroot


On Oct 11 22:45, Christian Franke wrote:
> Corinna Vinschen wrote:
>> Thanks for the patch.  You did check that the normal setuid/seteuid
>> cases still work, didn't you?
>>
>>   
>
> Yes.

Cool.  I just tested it myself and it looks good.

>> What's wrong with:
>>
>>   for i in $(id -G);
>>   do
>>     [ $i -eq 544 ] && PS1='# '
>>   done
>>
>>   
>
> Is OK, except if admin group is mapped to other gid (0?) in /etc/group.

It isn't in the default case.  And it's important that there is a way
to handle this with simple POSIXy means.

> I removed the error check and set HANDLE_FLAG_INHERIT in seteuid32().

Oh, sure!  That's much simpler than duplicating the token handle at
set_imp_token time.

>> Do I miss something or is the setuid_to_restricted flag equivalent to
>> the curr_token_is_restricted flag [...]
>
> setuid_to_restricted is only set in setuid32, not in seteuid32. If 
> seteuid(geteuid()) is called, the behaviour is similar to the ruid != euid 
> case: The exec()ed process can revert to the original token.

Ok, so I missed something, sorry.

> 	* include/sys/cygwin.h: Add new cygwin_getinfo_type
> 	CW_SET_EXTERNAL_TOKEN.
> 	Add new enum CW_TOKEN_IMPERSONATION, CW_TOKEN_RESTRICTED.
> 	* cygheap.h (cyguser): New flags ext_token_is_restricted,
> 	curr_token_is_restricted and setuid_to_restricted.
> 	* external.cc (cygwin_internal): Add CW_SET_EXTERNAL_TOKEN.
> 	* sec_auth.cc (set_imp_token): New function.
> 	(cygwin_set_impersonation_token): Call set_imp_token ().
> 	* security.h (set_imp_token): New prototype.
> 	* spawn.cc (spawn_guts): Use CreateProcessAsUserW if
> 	restricted token was enabled by setuid ().
> 	Do not create new window station in this case.
> 	* syscalls.cc (seteuid32): Add handling of restricted
> 	external tokens. Set HANDLE_FLAG_INHERIT for primary token.
> 	(setuid32): Set setuid_to_restricted flag.
> 	* uinfo.cc (uinfo_init): Do not reimpersonate if
> 	restricted token was enabled by setuid ().
> 	Initialize user.*_restricted flags.

Patch checked in.

Thanks for doing this.  Would you have fun to provide a tool for the
net distro which uses this feature?


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat
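Added example, not part of the original message or of the Cygwin sources: a POSIX shell version of the `id -G` prompt check discussed above that also covers the case where the Administrators group is mapped to a gid other than 544. The function names are hypothetical, and the group-file layout name:SID:gid:members (SID in the second field) is an assumption.

```shell
#!/bin/sh
# Added example, not code from the thread or from Cygwin.
# Assumption: group entries look like name:SID:gid:members (SID in field 2).
ADMIN_SID='S-1-5-32-544'   # well-known SID of BUILTIN\Administrators

# Read a group file on stdin, print every gid mapped to the admin SID.
admin_gids() {
    awk -F: -v sid="$ADMIN_SID" '$2 == sid { print $3 }'
}

# $1: gid list as printed by `id -G`; $2: admin gids (default 544).
# Returns 0 if the list contains an admin gid.
has_admin_gid() {
    admins=${2:-544}
    for g in $1; do
        case $g in ''|*[!0-9]*) continue ;; esac   # skip non-numeric words
        for a in $admins; do
            [ "$g" -eq "$a" ] && return 0
        done
    done
    return 1
}

# Print the prompt string for a gid list: '# ' for admin, '$ ' otherwise.
prompt_for() {
    if has_admin_gid "$1" "$2"; then printf '# '; else printf '$ '; fi
}

# Constructed sample: Administrators remapped to gid 0.
SAMPLE_GROUP='root:S-1-5-32-544:0:
Users:S-1-5-32-545:545:'

remapped=$(printf '%s\n' "$SAMPLE_GROUP" | admin_gids)
printf 'admin gid(s) in sample: %s\n' "$remapped"
printf 'prompt for gids "0 545": %s\n' "$(prompt_for '0 545' "$remapped")"
printf 'prompt for gids "545":   %s\n' "$(prompt_for '545' "$remapped")"

# Real use (not run here):
#   PS1=$(prompt_for "$(id -G)" "$(admin_gids < /etc/group)")
```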

