This is the mail archive of the
cygwin-patches@cygwin.com
mailing list for the Cygwin project.
[Patch]: seteuid
- From: "Pierre A. Humblet" <pierre at phumblet dot no-ip dot org>
- To: cygwin-patches at cygwin dot com
- Date: Fri, 07 Jan 2005 23:59:18 -0500
- Subject: [Patch]: seteuid
Currently the process default dacl is changed in seteuid even
when seteuid fails. This is a potentially security hole.
The patch fixes it.
Also HKCU is not closed anymore, as it is not used by Cygwin.
It's now up to applications (if any) to close it, and they should
keep MS KB 199190 in mind.
Pierre
2005-01-08 Pierre Humblet <pierre.humblet@ieee.org>
* syscalls.cc (seteuid32): Only change the default dacl when
seteuid succeeds. Do not close HKCU.
Index: syscalls.cc
===================================================================
RCS file: /cvs/src/src/winsup/cygwin/syscalls.cc,v
retrieving revision 1.355
diff -u -p -r1.355 syscalls.cc
--- syscalls.cc 6 Jan 2005 22:10:08 -0000 1.355
+++ syscalls.cc 8 Jan 2005 00:56:42 -0000
@@ -2066,7 +2066,7 @@ seteuid32 (__uid32_t uid)
if (!wincap.has_security () && pw_new)
{
load_registry_hive (pw_new->pw_name);
- goto success_9x;
+ goto success_9x;
}
if (!usersid.getfrompw (pw_new))
{
@@ -2103,16 +2103,6 @@ seteuid32 (__uid32_t uid)
debug_printf ("Found token %d", new_token);
- /* Set process def dacl to allow access to impersonated token */
- if (sec_acl ((PACL) dacl_buf, true, true, usersid))
- {
- tdacl.DefaultDacl = (PACL) dacl_buf;
- if (!SetTokenInformation (ptok, TokenDefaultDacl,
- &tdacl, sizeof dacl_buf))
- debug_printf ("SetTokenInformation"
- "(TokenDefaultDacl), %E");
- }
-
/* If no impersonation token is available, try to
authenticate using NtCreateToken () or subauthentication. */
if (new_token == INVALID_HANDLE_VALUE)
@@ -2132,6 +2122,16 @@ seteuid32 (__uid32_t uid)
cygheap->user.internal_token = new_token;
}
+ /* Set process def dacl to allow access to impersonated token */
+ if (sec_acl ((PACL) dacl_buf, true, true, usersid))
+ {
+ tdacl.DefaultDacl = (PACL) dacl_buf;
+ if (!SetTokenInformation (ptok, TokenDefaultDacl,
+ &tdacl, sizeof dacl_buf))
+ debug_printf ("SetTokenInformation"
+ "(TokenDefaultDacl), %E");
+ }
+
if (new_token != ptok)
{
/* Avoid having HKCU use default user */
@@ -2166,11 +2166,8 @@ success_9x:
cygheap->user.set_name (pw_new->pw_name);
myself->uid = uid;
groups.ischanged = FALSE;
- if (!issamesid) /* MS KB 199190 */
- {
- RegCloseKey (HKEY_CURRENT_USER);
- user_shared_initialize (true);
- }
+ if (!issamesid)
+ user_shared_initialize (true);
return 0;
failed: