This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: The eternal uid issue


Hi Corinna,

Corinna Vinschen wrote:
> 
> > Isn't it about time to make this our First Directive also?
> 
> Not in relation to the uid.  In contrast to Linux we don't have the one
> single root user.  We have potentially endless numbers of them, and one
> of them, not necessarily SYSTEM, is used to run the service.  Keep in
> mind that there may also be company policy in place which disallows
> installing services under specific accounts unless absolutely necessary.
> 
> Therefore, while we mostly strive to make Cygwin accommodate user
> space, we're not able to do it related to the root uid.
> 

Thanks for your lengthy and detailed answer. I appreciate that. But don't you think
upstream maintainers will raise at least one eyebrow if we propose code that makes
any user who starts the program the root/admin user?
You suggest only those who are in the admin group. But that will soon be any service
that starts up.

It actually is my solution to running Sendmail: create the Sendmail user, called
'smmsp' and make it an Administrator, so it can impersonate users on my system.
But I don't like my solution, because this would mean I have to create an admin-user
for any Linux service that I install. So now my Cygwin setup would be crowded with
highly privileged daemons, listening, waiting to get hacked.

The more elegant solution would be to create only one secondary privileged user,
let's call it 'root' ;-). Now Sendmail can start as root, switch to the totally
*unprivileged* 'smmsp' user and receive mail.
Of course the real bonus is that these unprivileged users wouldn't need passwords,
since they are impersonated, not logged on. These would consequently be
*super-secure* users, because it is impossible to log in with an empty password.

Why is this related to the uid issue? I already tested the second solution. I found
out that if I assign my 'root' user the '0' id in /etc/passwd, it actually works. I
was delighted, because I could roll back all these weird changes I put in the
Sendmail/procmail/mail.local source to fix the getuid != 0 problem.

If we go with this MS-imposed idea of "putting services in admin-context", Cygwin
security will be done for in the long run. Why not make the leap and show MS
admins/developers how it should be done?

Sincerely,
Daniel


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
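
The start-as-root, switch-to-'smmsp' pattern described in the message above, sketched for a POSIX system where uid 0 is the single privileged account. This is an added example, not code from the thread, from Sendmail or from Cygwin; the names drop_privileges and drop_result are hypothetical and the id 65534 is a constructed placeholder.

```c
#define _DEFAULT_SOURCE            /* for setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

enum drop_result { DROP_OK = 0, DROP_NOT_ROOT = -1, DROP_FAILED = -2 };

/* Permanently switch from uid 0 to an unprivileged account.
 * uid/gid: ids of the target account (a daemon would get them from
 * getpwnam() for a name such as "smmsp"). */
enum drop_result drop_privileges(uid_t uid, gid_t gid)
{
    /* The uid-0 test the thread is about: the code assumes exactly one
     * privileged account and that its uid is 0. */
    if (geteuid() != 0)
        return DROP_NOT_ROOT;
    if (uid == 0 || gid == 0)
        return DROP_FAILED;        /* that would not be a drop */

    /* Groups first: once setuid() succeeds the process is no longer
     * allowed to change its group list or gid. */
    if (setgroups(0, NULL) != 0)   /* clear supplementary groups */
        return DROP_FAILED;
    if (setgid(gid) != 0)          /* real, effective and saved gid */
        return DROP_FAILED;
    if (setuid(uid) != 0)          /* real, effective and saved uid */
        return DROP_FAILED;

    /* Verify the result and that uid 0 cannot be regained. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return DROP_FAILED;
    if (setuid(0) == 0 || seteuid(0) == 0)
        return DROP_FAILED;
    return DROP_OK;
}

int main(void)
{
    /* 65534 is a constructed stand-in for the service account's ids. */
    enum drop_result r = drop_privileges(65534, 65534);
    if (r != DROP_OK) {
        fprintf(stderr, "privilege drop failed (%d), refusing to run\n", r);
        return 1;
    }
    printf("now running as uid %ld\n", (long)getuid());
    return 0;
}
```

A daemon should treat any result other than DROP_OK as fatal and exit before it starts accepting input.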

