This is the mail archive of the cygwin-developers@cygwin.com mailing list for the Cygwin project.
exec after seteuid
- From: "Pierre A. Humblet" <Pierre dot Humblet at ieee dot org>
- To: cygwin-developers at cygwin dot com
- Date: Sat, 07 Jun 2003 09:40:44 -0400
- Subject: exec after seteuid
Corinna,
I was thinking about the seteuid question on the list.
It seems to me that we can easily handle the simple case,
where only the euid has changed, the real uid is still
the original uid. Basically it's like the fork case.
Here is a candidate patch. I don't want to start sinking
test time before you have a chance to tell me it won't work,
or improve it.
If both uids have changed, then we need to build two
tokens. That's a big job.
Pierre
Index: spawn.cc
===================================================================
RCS file: /cvs/src/src/winsup/cygwin/spawn.cc,v
retrieving revision 1.122
diff -u -p -r1.122 spawn.cc
--- spawn.cc 3 Jun 2003 02:32:49 -0000 1.122
+++ spawn.cc 7 Jun 2003 13:26:18 -0000
@@ -622,7 +622,7 @@ spawn_guts (const char * prog_arg, const
cygbench ("spawn-guts");
cygheap->fdtab.set_file_pointers_for_exec ();
- if (!cygheap->user.issetuid ())
+ if (cygheap->user.orig_uid == cygheap->user.real_uid)
{
PSECURITY_ATTRIBUTES sec_attribs = sec_user_nih (sa_buf);
ciresrv.moreinfo->envp = build_env (envp, envblock,
ciresrv.moreinfo->envc,
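Review bot: The new test `cygheap->user.orig_uid == cygheap->user.real_uid` at the top of this hunk no longer consults `issetuid ()`, so this branch is now also taken in the case the mail describes (euid changed, real uid unchanged), and nothing in the code says so. Please add a comment stating that the branch covers the euid-only case and that the child is expected to re-impersonate in `uinfo_init ()`. Because the uinfo.cc part of the patch has the child call `ImpersonateLoggedOnUser (cygheap->user.token)`, it is also worth confirming that the token handle is inheritable and still valid in the child when this branch runs, and that `sec_user_nih (sa_buf)` and `build_env` give the right security attributes and environment for a process that will end up running under the effective user.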
/src/winsup/cygwin: cvs diff -up uinfo.cc
Index: uinfo.cc
===================================================================
RCS file: /cvs/src/src/winsup/cygwin/uinfo.cc,v
retrieving revision 1.112
diff -u -p -r1.112 uinfo.cc
--- uinfo.cc 27 Feb 2003 17:41:15 -0000 1.112
+++ uinfo.cc 7 Jun 2003 13:26:33 -0000
@@ -107,8 +107,14 @@ uinfo_init ()
{
if (!child_proc_info)
internal_getlogin (cygheap->user); /* Set the cygheap->user. */
- else
+ else if (cygheap->user.orig_uid != cygheap->user.real_uid)
CloseHandle (cygheap->user.token);
+ else
+ {
+ if (!ImpersonateLoggedOnUser (cygheap->user.token))
+ system_printf ("Impersonate for execed failed: %E");
+ return;
+ }
cygheap->user.set_orig_sid (); /* Update the original sid */
cygheap->user.token = INVALID_HANDLE_VALUE; /* No token present */
}
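Review bot: In the added `else` block, a failed `ImpersonateLoggedOnUser (cygheap->user.token)` is only logged with `system_printf` and the function still returns early, so the exec'd process carries on under its process token while `cygheap->user.token` stays set as if impersonation had succeeded. Handle the failure explicitly: either return only on success and let the failure case fall through to `set_orig_sid ()` and `token = INVALID_HANDLE_VALUE` (closing the handle first), or treat the failure as fatal for the exec. A short comment naming the three cases (no `child_proc_info`, `orig_uid != real_uid`, and the euid-only case) would also help, in particular that the `orig_uid != real_uid` branch closes the token and resets it, which is the two-token case the mail says is not handled yet.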