This is the mail archive of the cygwin-developers@cygwin.com mailing list for the Cygwin project.
Re: Windows 2003
- From: Igor Pechtchanski <pechtcha at cs dot nyu dot edu>
- To: cygwin-developers at cygwin dot com
- Date: Fri, 11 Jul 2003 09:14:02 -0400 (EDT)
- Subject: Re: Windows 2003
- Reply-to: cygwin-developers at cygwin dot com
On Fri, 11 Jul 2003, Corinna Vinschen wrote:
> On Fri, Jul 11, 2003 at 08:44:10AM -0400, Igor Pechtchanski wrote:
> > On Fri, 11 Jul 2003, Corinna Vinschen wrote:
> >
> > > On Thu, Jul 10, 2003 at 05:05:55PM -0400, Pierre A. Humblet wrote:
> > > > I just reread the CreateProcessAsUser page. We do a RevertToSelf, so
> > > > we access the executable image in the security context of the caller.
> > > > Accessing C:\cygwin\bin\bash.exe isn't the issue, the error message
> > > > must be about some other path...
> > >
> > > I've just got it working with a non-SYSTEM user under which sshd is
> > > running. The problem was a still missing user privilege. The user
> > > starting sshd as service needs not only the "Create a token object"
> > > but also the "Replace a process level token" privilege, otherwise
> > > the CreateProcessAsUser fails. After finding it it suddenly is clear
> > > why it didn't work.
> > >
> > > Corinna
> >
> > I guess it pays to read your own documentation:
> > <http://cygwin.com/cygwin-ug-net/ntsec.html#NTSEC-SETUID>... ;-)
>
> Actually I was sure that Admins have this right by default. Well...
>
> > Should the above be updated with new privileges for Win2003, BTW?
>
> Yes, that would probably make sense. However, before changing the
> documentation, we should consider how we want to go ahead in future.
>
> Since SYSTEM is now not the right account anymore to do this sort of
> stuff with and since we're just breaking things anyway (1.5.0-wise),
> it would be good to redefine how we want to handle all these security
> issues from now on.
>
> Just as an example: Currently SYSTEM's uid 18 is used as a root uid
> and applications like cron or proftpd are relying on this uid being
> SYSTEM or, at least, a privileged account.
>
> OTOH, this is a bit of a nightmare when porting these applications
> since it requires a careful examination of code, like, e.g.
> `if (!uid) ...'.
>
> So (still as example) what about changing this to uid 0? Anybody
> who needs to run service applications with special privileges should
> run them under the uid 0 account. The uid 0 account could be created
> by a special script started from setup or from the command line.
> There's nothing keeping us from creating a Windows account "root"
> with Admin privileges plus all these dangerous "create token",
> "replace token" and "act as part of the OS" privileges. Then we
> could use this one for all the dirty work.
>
> Corinna
I think changing the privileged UID to 0 (and the user name to "root")
will be consistent with Linux and also easy for people to understand. In
fact, we could have *two* entries in /etc/passwd with the same SID but
different UIDs (the below is from my /etc/passwd):

root:*:0:18:Local System,S-1-5-18:/root:/bin/bash
SYSTEM:*:18:18:Local System,S-1-5-18::

I didn't muck around with groups in that one.

The SYSTEM username will still be supported, but apps could also use
"root" and UID 0.

Someone proposed adding a "useradd" utility to Cygwin. This could be
fixed so that adding a user named "root" with UID 0 will give the account
the appropriate privileges (or use the SYSTEM account on WinNT/2k).

Igor
--
http://cs.nyu.edu/~pechtcha/
|\ _,,,---,,_ pechtcha@cs.nyu.edu
ZZZzz /,`.-'`' -. ;-;;,_ igor@watson.ibm.com
|,4- ) )-,_. ,\ ( `'-' Igor Pechtchanski, Ph.D.
'---''(_/--' `-'\_) fL a.k.a JaguaR-R-R-r-r-r-.-.-. Meow!
"I have since come to realize that being between your mentor and his route
to the bathroom is a major career booster." -- Patrick Naughton
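
Added example, not part of the original message or of Cygwin itself: a small audit of a Cygwin-style passwd file that reports every entry mapped to uid 0 and every SID that more than one entry shares, which is what the two-entry scheme proposed above produces. The function names and the "alice" line are constructed for illustration; the field layout is assumed from the two entries quoted in the message.

```shell
#!/bin/sh
# Audit a Cygwin-style passwd file (layout assumed from the quoted entries):
#   name:passwd:uid:gid:gecos:home:shell, with the Windows SID in the gecos field.

audit_passwd() {
    # $1 = path to the passwd file to audit
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        NF < 7 { printf "MALFORMED line %d\n", NR; next }
        {
            # The SID is the comma-separated gecos element that looks like S-1-...
            sid = ""
            n = split($5, parts, ",")
            for (i = 1; i <= n; i++)
                if (parts[i] ~ /^S-1-[0-9]+(-[0-9]+)+$/) sid = parts[i]
            # Any name that code checking "if (!uid)" would treat as privileged.
            if ($3 == "0")
                printf "UID0 %s sid=%s\n", $1, (sid == "" ? "none" : sid)
            if (sid == "") next
            if (!(sid in names)) order[++count] = sid
            names[sid] = names[sid] (names[sid] == "" ? "" : ",") $1 "(" $3 ")"
            seen[sid]++
        }
        END {
            # Report SIDs reachable under more than one name/uid pair.
            for (k = 1; k <= count; k++)
                if (seen[order[k]] > 1)
                    printf "SHARED %s %s\n", order[k], names[order[k]]
        }
    ' "$1"
}

# Constructed sample: the two entries from the message plus one made-up user.
sample_passwd() {
    cat <<'EOF'
root:*:0:18:Local System,S-1-5-18:/root:/bin/bash
SYSTEM:*:18:18:Local System,S-1-5-18::
alice:unused:1001:513:U-HOST\alice,S-1-5-21-1111-2222-3333-1001:/home/alice:/bin/bash
EOF
}

run_demo() {
    tmp=$(mktemp) || return 1
    sample_passwd > "$tmp"
    audit_passwd "$tmp"
    rm -f "$tmp"
}

run_demo
```

On a real installation, call audit_passwd /etc/passwd and review each UID0 and SHARED line against the accounts that are meant to hold the token privileges discussed in the thread.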