This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: The eternal uid issue


Greetings, D. Boland!

> Hi Corinna,

> Corinna Vinschen wrote:
>> 
>> > Isn't it about time to make this our First Directive also?
>> 
>> Not in relation to the uid.  In contrast to Linux we don't have the one
>> single root user.  We have potentially endless numbers of them, and one
>> of them, not necessarily SYSTEM, is used to run the service.  Keep in
>> mind that there may also be company policy in place which disallows
>> installing services under specific accounts unless absolutely necessary.
>> 
>> Therefore, while we mostly strive to make Cygwin accommodate user
>> space, we're not able to do it related to the root uid.
>> 

> Thanks for your lengthly and detailed answer. I appreciate that. But don't you think
> upstream maintainers will raise at least one eyebrow if we propose code that makes
> any user who starts the program the root/admin user?

You obviously did not understand Corinna's reply.
And removed the part of reply that directly answer all your questions.

> You suggest only those who are in the admin group. But that will soon be any service
> that starts up.

That's essentially the same as starting services as root on *NIX system.
I fail to see the difference.

> It actually is my solution to running Sendmail: create the Sendmail user, called
> 'smmsp' and make it an Administrator, so it can impersonate users on my system.
> But I don't like my solution, because this would mean I have to create an admin-user
> for any Linux service that I install. So now my Cygwin setup would be crowded with
> highly privileged daemons, listening, waiting to get hacked.

Windows privilege model allow you to alleviate such concerns.

> The more elegant solution would be to create only one secondary privileged user,
> let's call it 'root' ;-). Now Sendmail can start as root, switch to the totally
> *unprivileged* 'smmsp' user and receive mail.

This is essentially what Cygwin is doing right now.

> Of course the real bonus is that these unprivileged users wouldn't need passwords,
> since they are impersonated, not logged on. These would consequently be
> *super-secure* users, because it is impossible to login with an empty password.

You'd be surprised.

> Why is this related to the uid issue?

Because there's no fixed UID. This is a core system difference, that you have
to live with.

> I already tested the second solution. I found out that if I assign my 'root'
> user the '0' id in /etc/passwd, it actually works. I was delighted, because
> I could roll-back all these weird changes I put in the
> Sendmail/procmail/mail.local source to fix the getuid != 0 problem.

/etc/passwd will soon be gone.

> If we go with this MS-imposed idea of "putting services in admin-context",

There's no such idea. You just imagined it.

> Cygwin security will be done for in the long run. Why not make the leap and
> show MS admins/developers how it should be done?

You really think they are all idiots?... Like, really?


--
WBR,
Andrey Repin (anrdaemon@yandex.ru) 23.07.2014, <20:01>

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]