This is the mail archive of the cygwin-developers@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

exec after seteuid


Corinna,

I was thinking about the seteuid question on the list.
It seems to me that we can easily handle the simple case,
where only the euid has changed, the real uid is still
the original uid. Basically it's like the fork case.

Here is a candidate patch. I don't want to start sinking
test time before you have a chance to tell me it won't work,
or improve it.

If both uids have changed, then we need to build two
tokens. That's a big job.

Pierre


Index: spawn.cc
===================================================================
RCS file: /cvs/src/src/winsup/cygwin/spawn.cc,v
retrieving revision 1.122
diff -u -p -r1.122 spawn.cc
--- spawn.cc    3 Jun 2003 02:32:49 -0000       1.122
+++ spawn.cc    7 Jun 2003 13:26:18 -0000
@@ -622,7 +622,7 @@ spawn_guts (const char * prog_arg, const
   cygbench ("spawn-guts");
 
   cygheap->fdtab.set_file_pointers_for_exec ();
-  if (!cygheap->user.issetuid ())
+  if (cygheap->user.orig_uid == cygheap->user.real_uid)
     {
       PSECURITY_ATTRIBUTES sec_attribs = sec_user_nih (sa_buf);
       ciresrv.moreinfo->envp = build_env (envp, envblock,
ciresrv.moreinfo->envc,
/src/winsup/cygwin: cvs diff -up uinfo.cc 
Index: uinfo.cc
===================================================================
RCS file: /cvs/src/src/winsup/cygwin/uinfo.cc,v
retrieving revision 1.112
diff -u -p -r1.112 uinfo.cc
--- uinfo.cc    27 Feb 2003 17:41:15 -0000      1.112
+++ uinfo.cc    7 Jun 2003 13:26:33 -0000
@@ -107,8 +107,14 @@ uinfo_init ()
     {
       if (!child_proc_info)
        internal_getlogin (cygheap->user); /* Set the cygheap->user. */
-      else
+      else if (cygheap->user.orig_uid != cygheap->user.real_uid)
        CloseHandle (cygheap->user.token);
+      else 
+        {
+          if (!ImpersonateLoggedOnUser (cygheap->user.token))
+           system_printf ("Impersonate for execed failed: %E");
+         return;
+       }
       cygheap->user.set_orig_sid ();   /* Update the original sid */
       cygheap->user.token = INVALID_HANDLE_VALUE; /* No token present */
     }


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]