This is the mail archive of the
cygwin-developers@cygwin.com
mailing list for the Cygwin project.
Re: exec after seteuid
At 09:14 PM 6/7/2003 +0200, Corinna Vinschen wrote:
>> Here is a candidate patch. I don't want to start sinking
>> test time before you have a chance to tell me it won't work,
>> or improve it.
>
>No, that's an interesting idea. I would appreciate some testing.
>
OK, will do. I already saw some small holes, related to
Win9X support and the case where the token changes because
of groups.
>> If both uids have changed, then we need to build two
>> tokens. That's a big job.
>
>But that isn't very likely, right? Most setuid applications are
>either changing the uid for a quick job or they switch over
>entirely to ruid == euid for their unprivileged child processes.
100% OK
>Do you think it's worth to consider such a border case?
Not until someone asks for it!
I was just thinking about the security implications. For example
login uses seteuid. With the change, the shell would still start
with ruid = 18, and a simple RevertToSelf would bring privileges
back. I think (all ?) shells setuid(geteuid()), but in Cygwin the
change wouldn't really be effective until the next exec.
Perhaps it would be safer to have login and such use setuid.
Pierre