On Wed, Jan 30, 2002 at 10:46:48AM -0000, Phil Dempster wrote:
> Hi folks,
>
> I've managed to get CVS pserver running on Win2K (ntsec) and am in the
> process of preparing some documentation for it. I'm trying to grasp just
> how the user ID switching works when CVS is spawned from inetd.
>
> I've found that it is not necessary to specify the user as `root' in
> inetd.conf, for example `Guest' will suffice.
>
> #/etc/inetd.conf
> cvspserver stream tcp nowait Guest /usr/bin/cvs cvs -f --allow-root=/usr/local/cvsroot pserver
>
> I'd hoped that would make it a lot harder for anyone with malicious intent
> to gain access via pserver. However, I'm not convinced that isn't a bogus
> assumption. Does anything spawned from inetd run as the same uid as inetd
> itself (i.e. System)?

Heck, why did I write /usr/doc/inetutils-1.3.2.README and what are the
announcements good for? Since version 1.3.2-15 we have the following
(quoted):

  In inetd, allow to start services now as the user given in the
  /etc/inetd.conf service entry. The user `root' is treated special
  since it doesn't trigger a user context switch. Example:

    ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd

  doesn't trigger a user context switch, the ftp daemon will run
  under SYSTEM account while in

    ftp stream tcp nowait john_doe /usr/sbin/in.ftpd in.ftpd

  inetd will try to run the ftp daemon under the `john_doe' account.
  This will fail if the account `john_doe' isn't correctly set up
  in /etc/passwd and /etc/group. However, wrong user entries or
  failed user context switches are logged in the NT event log so it
  should be easy to debug.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:[EMAIL PROTECTED]
Red Hat, Inc.
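
Added example, not part of the original messages or of inetutils: a small audit that applies the README rule quoted above to every service entry, reporting which daemons stay on the SYSTEM account (user `root'), which will get a user context switch, and which name an account missing from the passwd file. The function name, verdict labels and sample files are assumptions made for this illustration; the check covers only presence in /etc/passwd, not /etc/group or the rest of the account setup.

```shell
#!/bin/sh
# Classify each service in an inetd.conf by the account its user field selects.
# Usage: audit_inetd_users <inetd.conf> <passwd>
# Output: one line per service: "<service> <user> <verdict>"
#   SYSTEM  - user is root: no context switch, daemon keeps inetd's SYSTEM account
#   SWITCH  - user has a passwd entry: inetd will attempt the context switch
#   MISSING - user has no passwd entry: the context switch will fail
audit_inetd_users() {
    awk -v passwd="$2" '
        BEGIN {
            # Collect account names (first colon-separated field) from passwd.
            while ((getline line < passwd) > 0) {
                split(line, f, ":")
                known[f[1]] = 1
            }
        }
        /^[ \t]*#/ || NF < 6 { next }   # skip comments, blanks, incomplete entries
        {
            user = $5                   # fifth field of an inetd.conf entry
            if (user == "root")     verdict = "SYSTEM"
            else if (user in known) verdict = "SWITCH"
            else                    verdict = "MISSING"
            print $1, user, verdict
        }
    ' "$1"
}

# Constructed sample data (not taken from a real host).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/inetd.conf" <<'EOF'
# constructed sample entries
ftp        stream tcp nowait root     /usr/sbin/in.ftpd in.ftpd
cvspserver stream tcp nowait Guest    /usr/bin/cvs cvs -f --allow-root=/usr/local/cvsroot pserver
telnet     stream tcp nowait john_doe /usr/sbin/in.telnetd in.telnetd
EOF
cat > "$demo_dir/passwd" <<'EOF'
SYSTEM:*:18:18:,S-1-5-18::
Guest:unused:501:513:,S-1-5-21-0-0-0-501:/home/Guest:/bin/bash
EOF

audit_inetd_users "$demo_dir/inetd.conf" "$demo_dir/passwd"
```

Entries reported as SYSTEM are the ones to review first when the goal is to limit what a compromised service can reach; entries reported as MISSING should also show up as failed context switches in the NT event log.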