This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.



Re: The Cygwin Server Daemon


On Tue, Apr 23, 2002 at 08:51:24AM -0700, Richard Troy wrote:
> at this point: _execve() code notices the suid/guid bits are set, checks
> that the file owner is not the caller and that the caller's group list
> does not include the file's group id, and dispatches a message to
> cygserver. That message includes the path to the image - and does not 
> include the owner.group as a secondary guard to security at the cost of 
> having to fetch this information a second time.
> 
> At this point, I presume from your clue that cygserver calls 
> CreateProcess(), passing arguments which tell it to create that process in 
> the context (with the credentials) of the indicated user and group, along 
> with the image name, of course. ...CreateProcess() then returns a "handle" 
> to that process, and returns it to the caller. Or, does cygserver itself 
> switch contexts? (hope not - sounds painful) ...Of course, the caller then 
> returns the handle just as _execve() does.

What we're doing to change user context is to call a function
create_token() which is implemented in security.cc.  This is
used in seteuid() to call ImpersonateLoggedOnUser().  In case of
spawn_guts() we're calling CreateProcessAsUser() with that token.
This is IMO the way to go.  The cygserver gets user/group info.
Since it's running under the SYSTEM account it has the right to
create a new token, then it calls CreateProcessAsUser(token) and returns
the process handle.  If cygserver didn't return a handle for
whatever reason, spawn_guts() has to go back to the standard action.
Which is, call CreateProcess(), don't care for switching user context.

> ...If I understand this right, it doesn't sound all that hard! I think I 
> saw code here somewhere that fetches the credentials, and I already have 
> glibc code that pulls user and group info from the system based on the 
> effective user ID of the current process... 

Please be careful.  Don't use any code from glibc!  It's LGPL'd
which taints the Cygwin license.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.
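
The exec-time decision from the quoted text and the fallback described in the reply, modelled in portable C as an added example; it is not Cygwin's code and not from either poster. `switch_needed`, `spawn_image`, the `caller` struct and the stub spawners are hypothetical names, POSIX `struct stat` stands in for the image's metadata, and the setuid and setgid bits are checked independently, which generalizes the combined check in the quote.

```c
#define _XOPEN_SOURCE 700   /* exposes S_IFREG, S_ISUID, S_ISGID */
#include <stdbool.h>
#include <stddef.h>
#include <sys/types.h>
#include <sys/stat.h>
/* Added example; every name below is hypothetical, none is Cygwin's. */
struct caller { uid_t uid; gid_t gid; const gid_t *groups; size_t ngroups; };
enum { SWITCH_NONE = 0, SWITCH_UID = 1, SWITCH_GID = 2 };
enum spawn_via { VIA_PLAIN, VIA_SERVER, VIA_FALLBACK };
/* A spawner returns a process handle, or -1 if it started nothing. */
typedef long (*spawn_fn)(const char *path, uid_t uid, gid_t gid);
static bool in_groups(const struct caller *c, gid_t gid) {
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid) return true;
    return c->gid == gid;
}

/* Which identity switch does this image ask for, given who is calling? */
int switch_needed(const struct stat *st, const struct caller *c) {
    int need = SWITCH_NONE;
    if (!S_ISREG(st->st_mode)) return need;   /* bits only count on regular files */
    if ((st->st_mode & S_ISUID) && st->st_uid != c->uid) need |= SWITCH_UID;
    if ((st->st_mode & S_ISGID) && !in_groups(c, st->st_gid)) need |= SWITCH_GID;
    return need;
}

/* Server only when a switch is needed; with no handle back, run as the caller, never as the file's ids. */
enum spawn_via spawn_image(const char *path, const struct stat *st, const struct caller *c,
                           spawn_fn server, spawn_fn plain, long *handle) {
    int need = switch_needed(st, c);
    if (need != SWITCH_NONE) {
        *handle = server(path, (need & SWITCH_UID) ? st->st_uid : c->uid,
                               (need & SWITCH_GID) ? st->st_gid : c->gid);
        if (*handle >= 0) return VIA_SERVER;
    }
    *handle = plain(path, c->uid, c->gid);
    return need == SWITCH_NONE ? VIA_PLAIN : VIA_FALLBACK;
}

/* Constructed stubs for the two spawn paths; the handle encodes the uid used. */
long stub_server_ok(const char *p, uid_t u, gid_t g) { (void)p; (void)g; return 1000 + (long)u; }
long stub_server_down(const char *p, uid_t u, gid_t g) { (void)p; (void)u; (void)g; return -1; }
long stub_plain(const char *p, uid_t u, gid_t g) { (void)p; (void)g; return 2000 + (long)u; }

int main(void) {   /* setuid image owned by uid 18, caller uid 500, server down */
    struct caller c = { 500, 100, NULL, 0 };
    struct stat st = { .st_mode = S_IFREG | S_ISUID | 0755, .st_uid = 18 };
    long h = 0;
    return spawn_image("/bin/x", &st, &c, stub_server_down, stub_plain, &h) == VIA_FALLBACK ? 0 : 1;
}
```

The property to check in any real implementation is the last branch: when the server hands back no handle, the image still starts, but under the caller's identity, so a server outage degrades privileges rather than granting them.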
