This is the mail archive of the cygwin-apps mailing list for the Cygwin project.



Re: uw-imap-imapd: suggestions for cyg_server issue


The problem you will run into is that 544 can be changed (e.g. to 0).
It's better to learn it dynamically.
The following is from the cron package source code.

in xxxx.h
#if defined(__CYGWIN__)
#include <windows.h>
#include <sys/cygwin.h>
/* Macro to define variable length SID structures */
#define SID(n, name, sid...) \
struct  { \
  BYTE  Revision; \
  BYTE  SubAuthorityCount; \
  SID_IDENTIFIER_AUTHORITY IdentifierAuthority; \
  DWORD SubAuthority[n]; \
} name = { SID_REVISION, n, {SECURITY_NT_AUTHORITY}, {sid}}

in yyyy.c
 
#else /* __CYGWIN__ */
        if (is_winnt) {
                SID(2, AdminsSid, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS);
                int admins_gid = cygwin_internal(CW_GET_GID_FROM_SID, &AdminsSid);


Pierre

----- Original Message ----- 
From: "Shaddy Baddah" <helium@shaddybaddah.name>
To: <cygwin-apps@cygwin.com>
Sent: Thursday, February 11, 2010 17:27
Subject: uw-imap-imapd: suggestions for cyg_server issue


| Hi,
| 
| I have discovered that there is an issue with imapd when installed on
| Vista/W7. When started through inetd, any imap connection is
| preauthenticated onto the cyg_server account running the inetd Windows
| service.
| 
| I have traced the issue to the root uid emulation employed by the
| Cygwin-specific code, used to correct the Unix model of only uid 0
| being privileged. It only performs the emulation if the SYSTEM user is
| the process owner.
| 
| Cygwin uses cyg_server as a necessary alternative for all releases
| from Windows 2003 Server onwards.
| 
| There are two solutions here. The first I consider a workaround. The
| /usr/share/doc/Cygwin/uw-imap-2007.README could document that a user
| could remap the uids of SYSTEM and cyg_server in /etc/passwd so that
| cyg_server took SYSTEM's RID 18 as its uid.
| 
| The second is the patch (that can be applied to the cygport
| ./uw-imap-2007-2.cygport prepare 'ed source) I have attached. The
| patch checks the gids for the process (using POSIX getgroups()) and
| searches for the Administrators group RID 544. The attached patch
| describes this non-direct approach to identifying cyg_server, and
| avoiding preauth.
| 
| Your thoughts on this would be greatly appreciated.
| 
| Regards,
| Shaddy
| 
| PS: I segued onto this from my screen debugging because I remembered
| this issue, and thought it might be related to any potential problem
| with the Cygwin privilege model. Time permitting, I will be getting
| back onto that problem (as it does block me from using screen
| properly).
| 
| 
|

