This is the mail archive of the cygwin-developers@cygwin.com mailing list for the Cygwin project.



Re: Problems on accessing Windows network resources


Corinna Vinschen wrote:
> 
> On Tue, Jun 10, 2003 at 11:14:35AM -0400, Pierre A. Humblet wrote:
> > The cleanest way to fixup the problem in cygwin is to
> > keep the token from the cygwin_logon_user even
> > when creating an internal token, and to go back to
> > it automatically when needed.
> > It's easy, I can probably do that this evening.
> 
> How do you determine that it's needed?

When doing a seteuid, check if any of the available
tokens (currently at most 1) does the job, otherwise create
a new one.
 
> > Another way is to assume that when we setuid to 18,
> > we also implicitly setgid to 544. That's more risky
> > because some installations (possibly the 2003 machines)
> > may use another SID than SYSTEM to run their daemons.
> 
> I'm wondering if we can't simply make the assumption that when the
> application calls seteuid(orig_uid), it just triggers a RevertToSelf()
> and nothing else.  I don't know a case where the application reverts
> to orig_uid to keep the group rights.  Do you know one?

I have met that case, for example when you send mail to SYSTEM with 
exim (sending mail to root). There is at some point a token 
with the pair (mail_gid, system_uid). 
However, we can add a test to detect that: if the application
calls seteuid(orig_uid) AND there has not been a setegid call
since the last seteuid(), then RevertToSelf.

We would have to change myself->gid to orig_gid as well, remember the
one we had before the RevertToSelf, and switch back to it on the
next seteuid.
An advantage of this approach is that we never create an unnecessary
token for the pair (user_gid, orig_uid).
  
> And the other way around, if the application provides a token with
> cygwin_set_impersonation_token(), then that means, IMHO:
> 
> - The application calls setegid() with gid != token_primary_group_gid:
> 
>         trigger create_token in a later call to seteuid()
> 
> - The application calls setegid() with gid == token_primary_group_gid:
> 
>         Use token from cygwin_set_impersonation_token().
> 
> - The application doesn't call setegid():
> 
>         Ditto.
> 
> Case 3 is the interesting one.

I would modify it as follows: if the application doesn't call setegid(),
and there is a saved_gid, use that gid (and the token that goes with
the pair).

I can still do that this evening.

Pierre
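
The seteuid rules proposed in this message (reuse an available token, revert without building a token, remember the gid across the revert), sketched as a toy state machine. This is an added illustration, not Cygwin code and not part of the original message: it calls no Windows API, the `model_*` names and `struct proc` are hypothetical, and every id other than 18 and 544 is constructed.

```c
/* Added model of the seteuid() rules discussed above; not Cygwin code.
   Tokens are plain (uid, gid) pairs and no Windows API is called. */
#include <stdbool.h>
#include <stdio.h>

enum action { REVERT_TO_SELF, REUSE_TOKEN, CREATE_TOKEN };

struct proc {                     /* hypothetical stand-in for per-process state */
    int orig_uid, orig_gid;       /* identity the process started with */
    int uid, gid;                 /* current effective ids */
    int saved_gid;                /* gid remembered across a revert, -1 if none */
    bool setegid_seen;            /* setegid() called since the last seteuid()? */
    bool have_tok;                /* the single cached token ("at most 1") */
    int tok_uid, tok_gid;
    int created;                  /* how many tokens had to be built */
};

void model_init(struct proc *p, int uid, int gid) {
    *p = (struct proc){ .orig_uid = uid, .orig_gid = gid,
                        .uid = uid, .gid = gid, .saved_gid = -1 };
}

void model_setegid(struct proc *p, int gid) { p->gid = gid; p->setegid_seen = true; }

enum action model_seteuid(struct proc *p, int uid) {
    enum action act;
    if (uid == p->orig_uid && !p->setegid_seen) {
        if (p->uid != p->orig_uid) p->saved_gid = p->gid;  /* remember gid */
        p->gid = p->orig_gid;
        act = REVERT_TO_SELF;     /* no token built for (user_gid, orig_uid) */
    } else {
        if (!p->setegid_seen && p->saved_gid != -1)
            p->gid = p->saved_gid;            /* switch back to remembered gid */
        p->saved_gid = -1;
        if (p->have_tok && p->tok_uid == uid && p->tok_gid == p->gid) {
            act = REUSE_TOKEN;    /* an available token does the job */
        } else {                  /* e.g. the (mail_gid, system_uid) pair */
            p->have_tok = true; p->tok_uid = uid; p->tok_gid = p->gid;
            p->created++;
            act = CREATE_TOKEN;
        }
    }
    p->uid = uid;
    p->setegid_seen = false;
    return act;
}

int main(void) {
    struct proc p; model_init(&p, 18, 544);   /* uid 18 / gid 544 from the message */
    model_setegid(&p, 513);                   /* 513 and 1000 are constructed ids */
    int a = model_seteuid(&p, 1000);
    int b = model_seteuid(&p, 18);
    int c = model_seteuid(&p, 1000);
    printf("%d %d %d, tokens created: %d\n", a, b, c, p.created);
    return 0;
}
```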

