This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.



Re: security.cc: bug report, question and suggestion


At 05:06 PM 1/19/02 +0100, Corinna Vinschen wrote:
>On Fri, Jan 18, 2002 at 07:46:03PM -0500, Pierre A. Humblet wrote:
>
>> 3) Why is it necessary to set the PrimaryGroup in the
>> process token in setegid()? 
>
>No, the primary group is used also to create object DACLs.
>When setting the PrimaryGroup, even native Windows child
>processes create files with that group as creator group
>instead of the default group (e.g. always "None", 513 on
>standalone machines).

Yes, but in Cygwin the setgid() is not really effective until
the next setuid(). By that time there will be a new token
anyway. What bothers me is that the call may fail silently (e.g. if
setgid() is called while impersonation is in effect, access
to the process token would probably be disallowed). 
Even if the call succeeds, won't Windows use the thread (impersonation)
token rather than the process token when creating DACLs?
Wouldn't it be safer to always rely on myself->gid to set ACLs
and only use the PrimaryToken to verify if an existing token 
can be reused?

>> 4) If in "cygrunsrv -u user ..."  the Cygwin and Windows 
>> user names differ, then the process will have the wrong
>> uid.
>> 
>> Entry in passwd (note Cygwin name != Windows name)
>>
>> exim:unused_by_nt/2000/xp:1002:1005:daemon,U-PHumblet\Mail,S-1-5-21-2127391503-1594901184-99485923-1002:/home/Mail:/bin/bash
>> 
>> /> cygrunsrv -I test -u mail -e CYGWIN=ntsec -p /a.exe
>> Enter password of user `.\mail': 
>> Reenter, please: 
>> /> cygrunsrv -S test
>> /> head /var/log/test.log
>> CYGWIN = ntsec USERNAME = UNDEF UID = 500 GID = 513 PID = 619
>> <==INCORRECT UID/GID
>
>Operator error.  -u expects the Cygwin user name, not the Windows

Hmm, I can't check until Monday but I distinctly remember that
cygrunsrv is smart. If I call cygrunsrv -u exim (in example above)
it will prompt for .\mail's password. Both usages result in the wrong
uid (will check). Something else: if the path given to cygrunsrv is 
a shell and the shell calls a program, the program has the correct uid.

>Thanks for tracking all this down.  I will change the token's
>ACL to have TOKEN_ALL_ACCESS for the user (perhaps tomorrow) and
>then I'd like to ask you to test your stuff again.

Any time, security is a great addition to Cygwin.

>Oh, btw., you're perhaps interested to contribute to Cygwin code?

Anything specific in mind? I don't have time to start big projects
but I am happy to help, the more so when bugs affect me :)

Pierre
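
Added example, not part of the original message and not Cygwin code: a small audit of passwd entries for the situation in item 4, where the Cygwin login name and the Windows account in the gecos `U-` item differ. The sample entries, host name and SIDs are constructed, and reading the `U-` item as DOMAIN\account is an assumption based on the entry quoted above.

```python
import re

# Constructed sample in the passwd layout quoted above; host name and SIDs are made up.
SAMPLE_PASSWD = r"""
Administrator:unused_by_nt/2000/xp:500:513:U-HOST\Administrator,S-1-5-21-1111-2222-3333-500:/home/Administrator:/bin/bash
exim:unused_by_nt/2000/xp:1002:1005:daemon,U-HOST\Mail,S-1-5-21-1111-2222-3333-1002:/home/Mail:/bin/bash
nouser:unused_by_nt/2000/xp:1004:513:,S-1-5-21-1111-2222-3333-1004:/home/nouser:/bin/bash
broken:unused_by_nt/2000/xp:1003
"""

SID_RE = re.compile(r"S-1-\d+(-\d+)+$")


def parse_entry(line):
    """Split one passwd line; return None unless it has 7 fields and numeric ids."""
    fields = line.split(":")
    if len(fields) != 7 or not (fields[2].isdigit() and fields[3].isdigit()):
        return None
    entry = {"name": fields[0], "uid": int(fields[2]), "gid": int(fields[3]),
             "win_name": None, "sid": None}
    for item in fields[4].split(","):  # gecos: free text, U- item, SID
        if item.startswith("U-"):
            # Assumed form "U-DOMAIN\account": keep the part after the last backslash
            entry["win_name"] = item[2:].rsplit("\\", 1)[-1]
        elif SID_RE.match(item):
            entry["sid"] = item
    return entry


def audit(passwd_text):
    """Return (name, problem) pairs for entries worth a second look."""
    findings = []
    for line in passwd_text.splitlines():
        if not line.strip():
            continue
        entry = parse_entry(line)
        if entry is None:
            findings.append((line.split(":")[0], "malformed entry"))
        elif entry["win_name"] is None:
            findings.append((entry["name"], "no U- account in gecos"))
        elif entry["win_name"].casefold() != entry["name"].casefold():
            # Windows account names compare case-insensitively
            findings.append((entry["name"],
                             "Cygwin name differs from Windows account "
                             + entry["win_name"]))
    return findings


if __name__ == "__main__":
    for name, problem in audit(SAMPLE_PASSWD):
        print(f"{name}: {problem}")
```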

