This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.



Re: ntsec+inetd+cvspserver (was CVS PServer problem)


On Wed, Jan 30, 2002 at 10:46:48AM -0000, Phil Dempster wrote:
> Hi folks,
> 
> I've managed to get CVS pserver running on Win2K (ntsec) and am in the
> process of preparing some documentation for it.  I'm trying to grasp just
> how the user ID switching works when CVS is spawned from inetd.
> 
> I've found that it is not necessary to specify the user as `root' in
> inetd.conf, for example `Guest' will suffice.
> 
> #/etc/inetd.conf
> cvspserver stream tcp nowait Guest /usr/bin/cvs cvs -f --allow-root=/usr/local/cvsroot pserver
> 
> I'd hoped that would make it a lot harder for anyone with malicious intent
> to gain access via pserver.  However, I'm not convinced that isn't a bogus
> assumption.  Does anything spawned from inetd run as the same uid as inetd
> itself (i.e. System)?

Heck, why did I write /usr/doc/inetutils-1.3.2.README and what are
the announcements good for?  Since version 1.3.2-15 we have the
following (quoted):

      In inetd, allow to start services now as the user given in
      the /etc/inetd.conf service entry.  The user `root' is
      treated special since it doesn't trigger a user context
      switch.  Example:

	ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd

      doesn't trigger a user context switch, the ftp daemon
      will run under SYSTEM account while in

	ftp stream tcp nowait john_doe /usr/sbin/in.ftpd in.ftpd

      inetd will try to run the ftp daemon under the `john_doe'
      account.  This will fail if the account `john_doe' isn't
      correctly set up in /etc/passwd and /etc/group.  However,
      wrong user entries or failed user context switches are
      logged in the NT event log so it should be easy to debug.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.
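
A pre-flight audit of the behaviour the quoted README describes, added here as an example; it is not part of the original message or of inetutils. It assumes "correctly set up" means the user has an /etc/passwd entry whose primary gid is defined in /etc/group; the function names, verdict strings and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which account each inetd.conf service would get.
# audit_inetd CONF PASSWD GROUP  ->  "<service> <user> <verdict>" per entry
audit_inetd() {
    awk -v passwd="$2" -v group="$3" '
    BEGIN {
        # passwd: name:pw:uid:gid:...   remember each user primary gid
        while ((getline line < passwd) > 0) {
            split(line, f, ":"); if (f[1] != "") gid_of[f[1]] = f[4]
        }
        # group: name:pw:gid:members    remember every defined gid
        while ((getline line < group) > 0) {
            split(line, f, ":"); if (f[3] != "") known_gid[f[3]] = 1
        }
    }
    NF < 6 || $1 ~ /^#/ { next }     # skip comments, blanks, short lines
    {
        user = $5                    # 5th field is the account name
        if (user == "root")                    v = "SYSTEM-no-switch"
        else if (!(user in gid_of))            v = "FAIL-not-in-passwd"
        else if (!(gid_of[user] in known_gid)) v = "FAIL-gid-not-in-group"
        else                                   v = "switch-ok"
        print $1, user, v
    }' "$1"
}

# Constructed sample files (assumed layout, not taken from a real host).
make_sample() {
    cat > "$1/inetd.conf" <<'EOF'
#/etc/inetd.conf
ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd
ftp stream tcp nowait john_doe /usr/sbin/in.ftpd in.ftpd
cvspserver stream tcp nowait Guest /usr/bin/cvs cvs -f --allow-root=/usr/local/cvsroot pserver
cvspserver stream tcp nowait cvsuser /usr/bin/cvs cvs -f --allow-root=/usr/local/cvsroot pserver
EOF
    printf '%s\n' 'Guest:unused:501:514::/home/Guest:/bin/bash' \
                  'cvsuser:unused:1005:9999::/home/cvsuser:/bin/bash' > "$1/passwd"
    printf '%s\n' 'Guests::514:' > "$1/group"
}

sample=$(mktemp -d) && make_sample "$sample" &&
audit_inetd "$sample/inetd.conf" "$sample/passwd" "$sample/group"
rm -rf "$sample"
```

Entries reported as `SYSTEM-no-switch` are the ones to review first, since those services keep inetd's SYSTEM privileges; the `FAIL-*` verdicts are a static guess, and the NT event log remains the authoritative record of a failed switch.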
