This is the mail archive of the
cygwin@cygwin.com
mailing list for the Cygwin project.
bash/rlogin can get user id different from NT login.
- From: "Fletcher, Bob (GEAE, EB&TS)" <bob dot fletcher at ae dot ge dot com>
- To: "'cygwin at cygwin dot com'" <cygwin at cygwin dot com>
- Date: Fri, 7 Dec 2001 17:20:58 -0500
- Subject: bash/rlogin can get user id different from NT login.
Hello,
Consider the following passwd under cygwin: (1.3.)
user1:This_field_is_not_used_by_cygwin_on_nt/2000/xp:1001:513:User
One:/home/user1:/bin/bash
user2:This_field_is_not_used_by_cygwin_on_nt/2000/xp:1001:513:User
Two:/home/user2:/bin/bash
Note that user1 and user2 two have the same UID. (!)
If I log in to W2000 as user2, and start bash, it thinks that I am user1.
If user1 was silly enough to
myhosthame user1
or god forbid
+ user1
in a Unix .rhosts file, I will have access to that account.
I'm guessing that bash does something like:
Find my Windows ID (answer user2) .
Look that ID up in passwd and get the UID. ( answer 1001)
Look that UID up in the Passwd file, and get my cygwin ID ( answer
user1)
If I run rlogin, cygwin happily tells Unix that I am in fact user1, which I
am not.
I suppose that the simple answer is "don't do that!". You have to keep
passwd under control. But, shouldn't cygwin be able to directly use my
windows login id from step 1? Why map it (twice?) through the passwd file?
Bob.
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/