On Jun 8 16:46, Houder wrote:
> Hi Corinna,
>
> Maybe you are still around ... otherwise it will be for the next round.
>
> During my exercise with sshd I was "forced" :-) to study the User Guide, as I
> am not "well informed" :-P about the security model of Windows.
>
> I am referring to this paragraph:
>
> https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-setuid-overview
> (switching the user context)
>
> To get a bit more acquainted with the stuff, I decided to try your example at
> the beginning of this paragraph - i.e. the example in subparagraph "Switching
> the user context WITH password authentication".
>
> (I modified the example in order to make it a bit more "exciting" -- see below)
>
> 64-@@# uname -a
> CYGWIN_NT-6.1 Seven 2.8.0(0.309/5/3) 2017-04-01 20:47 x86_64 Cygwin
> 64-@@# editrights -u Henri -l
> SeLockMemoryPrivilege <==== no special? privileges ...
>
> 64-@@# ./setuid
> Password:
> BEFORE uid = 1000, gid = 513
> BEFORE euid = 1000, egid = 513
> AFTER uid = 1004, gid = 513
> AFTER euid = 1004, egid = 513
> Surprise: execl() failed: : Operation not permitted
> retval = -1
> Should not be reached ...
> 64-@@#
>
> First I tried adding SeTcbPrivilege ("extremely powerful", according to what I
> read at MSDN). Logoff/Logon ...
>
> That did not help. Got the same result. So, NOT that powerful ...
>
> Secondly I tried adding SeAssignPrimaryTokenPrivilege ... Logoff/Logon ...
>
> 64-@@# ./setuid
> Password:
> BEFORE uid = 1000, gid = 513
> BEFORE euid = 1000, egid = 513
> AFTER uid = 1004, gid = 513
> AFTER euid = 1004, egid = 513
> sh-4.4$ id
> uid=1004(jvdwater) gid=513(None) groups=513(None),545(Users),11(Authenticated Users)
> sh-4.4$ exit
> 64-@@#
>
> It might be 'obvious' to an expert on Windows (after having searched through
> MSDN?), that this privilege (SeAssignPrimaryTokenPrivilege) is required ...
>
> That is, when one is going to invoke CreateProcessAsUser() ...
>
> However, someone without that knowledge ...
>
> Perhaps a small note to that effect (special privilege required!) in
> "Switching the user context with password authentication" might help the
> 'innocent' reader.
You're not supposed to do that.  setuid() is a privileged call, so it's
supposed to be called by a privileged process only.  Do not add these
permissions to a normal user account unless you exactly know what you're
doing security-wise.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat