Hi all,
Just to let you know that I fixed my desktop permissions problem on the application
side by making sure that I do not add ACEs to an empty DACL.
Details
----
When doing a suid (CreateProcessAsUser) cygwin sets up a null Security Descriptor (SD)
for Station and Desktop that opens up access to everyone. This descriptor has an empty
Discretionary Access Control List (DACL). Adding an Allowed Access Control Entry (ACE)
to this DACL leads to the counter-intuitive result of restricting access to only that
user; not even LocalSystem or Administrator can access the Station/Desktop. The system
will break when this occurs on the non-interactive station/desktop: most of the
services that use user32.dll (and it is difficult not to use it) won't be able to
restart. The most visible symptoms are the nasty message boxes 'user32.dll could not
initialize'. A system reboot is needed to revert to normal operation.
I do not know what the proper approach is here for future cygwin versions. Opening up
access to everyone to the non-interactive station/desktop does not sound like a great
idea, however I do not know how one could exploit it. The same type of operation on
the interactive desktop would be a lot more troublesome since a rogue program may be
able to read passwords as you type them in.
If you have a cygwin based daemon it may be a good system design to run it on a
different user, not as LocalSystem. In this case NT will generate a new
station/desktop for the programs in that security context. Of course creating too many
stations may crash NT by itself since they share some statically allocated memory
zone.
Anyway, I hope the tip will be useful to other developers that need to coexist with
cygwin.
Marius Seritan
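
The behaviour described in the message above, as an added example that is not part of the original e-mail or of cygwin: a simplified Python model of the Windows DACL access check (not Win32 code). It models the open descriptor as an absent (NULL) DACL, which Windows treats as granting everyone access, whereas a present-but-empty DACL grants no one; the trustee names and helper functions are constructed for illustration.

```python
"""Simplified model of the Windows DACL access check (constructed, not Win32 code)."""
from dataclasses import dataclass

ALLOW, DENY = "allow", "deny"
DESKTOP_CREATEWINDOW = 0x0002  # desktop access right used as the requested access

@dataclass(frozen=True)
class Ace:
    kind: str   # ALLOW or DENY
    sid: str    # trustee name standing in for a SID
    mask: int   # access bits covered by this ACE

def access_check(dacl, sids, desired):
    """dacl None = NULL DACL (object unprotected); [] = empty DACL (nobody allowed)."""
    if dacl is None:
        return True
    granted = 0
    for ace in dacl:                      # ACEs are evaluated in order
        if ace.sid not in sids:
            continue
        if ace.kind == DENY and ace.mask & desired & ~granted:
            return False                  # a requested bit is explicitly denied
        if ace.kind == ALLOW:
            granted |= ace.mask
        if granted & desired == desired:
            return True
    return False                          # bits not granted are implicitly denied

def add_allow_naive(dacl, sid, mask):
    """Treats a NULL DACL like an empty list: the result holds only the new ACE."""
    return list(dacl or []) + [Ace(ALLOW, sid, mask)]

def add_allow_safe(dacl, sid, mask):
    """Leaves a NULL DACL untouched: sid already has access, so nothing is added."""
    if dacl is None:
        return None
    return list(dacl) + [Ace(ALLOW, sid, mask)]

def who_can_open(dacl, desired=DESKTOP_CREATEWINDOW):
    """Access result for two constructed tokens: a daemon account and LocalSystem."""
    tokens = {"daemon_user": {"daemon_user", "Everyone"},
              "LocalSystem": {"SYSTEM", "Administrators", "Everyone"}}
    return {name: access_check(dacl, sids, desired) for name, sids in tokens.items()}

if __name__ == "__main__":
    for label, dacl in [("NULL DACL", None),
                        ("naive add", add_allow_naive(None, "daemon_user", DESKTOP_CREATEWINDOW)),
                        ("safe add", add_allow_safe(None, "daemon_user", DESKTOP_CREATEWINDOW))]:
        print(f"{label:10} {who_can_open(dacl)}")
```
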
----- Original Message -----
From: "Marius Seritan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Tuesday, October 08, 2002 8:06 AM
Subject: Re: Problem with Station/Desktop permissions
> Larry and cygwin-list readers,
>
> In my own code I am using the fksec C++ library,
> http://www.mvps.org/win32/security/fksec.html. I am not sure if people are willing to
> link that library in cygwin. In the affirmative I can suggest a patch to the list
> that would add the appropriate ACEs to the Station and Desktop SDs, instead of
> replacing them with a null SD.
>
> Note that I am not an NT security expert, I can only contribute some code that is
> working for me.
>
> Marius
>
> ----- Original Message -----
> From: <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Tuesday, October 08, 2002 7:54 AM
> Subject: RE: Problem with Station/Desktop permissions
>
>
> Hi Marius,
>
> I don't believe there is any active work going on in the area that you
> mention. It seems to change and improve on an "as-needed" basis based
> on bug reports and the like. If you are interested in suggesting a
> patch, I'm sure the list would be interested in reviewing your ideas.
>
> Larry
>
> Original Message:
> -----------------
> From: Marius Seritan [EMAIL PROTECTED]
> Date: Mon, 7 Oct 2002 14:32:47 -0700
> To: [EMAIL PROTECTED]
> Subject: Problem with Station/Desktop permissions
>
>
>
> <snip>
>
> From what I see from the sources, cygwin is also adjusting the permissions
> on the station\desktop. The approach taken in spawn.cc is a lot more
> radical though, the security descriptor is basically blown away. This seems
> to break my code.
>
> Has anybody else encountered this problem? Are there plans to move to a
> more nuanced approach when adjusting the permissions on the window
> stations/desktop?
>
> Thanks for any pointers/comments.
>
> Marius Seritan
> Engineering
> [EMAIL PROTECTED]