This is the mail archive of the
mailing list for the Cygwin project.
Re: [RFC] Globally creating a user and a group "root"
On Wed, Nov 12, 2003 at 05:37:33AM -0500, Pierre A. Humblet wrote:
> At 10:56 AM 11/12/2003 +0100, Corinna Vinschen wrote:
> >On Tue, Nov 11, 2003 at 01:22:50PM -0500, Pierre A. Humblet wrote:
> >> It autodetects if it is privileged and, if so, setgid(544) & setuid(18)
> >> to normalize its environment (that was done with Windows 2003 in mind).
> >I don't understand. You were the one who figured out the 2003 problem
> >with the SYSTEM account. So, erm...
> No sure what you mean. Recall that when we setuid(18) we use the privileges
> that are defined for SYSTEM in security.cc, not those that MS assigns on 2003.
I don't understand the "that was done with Windows 2003 in mind".
Setting the uid to 18 in exim seems counterproductive in that environment.
> >Anyway, I think we should add "root/0" to /etc/group so that it comes
> >before the "administrators/544" entry right from the beginning. What
> >happens in an exim installation then?
> Actually it works just fine, and both 544 and 0 appear in id.
> Patting myself on the back :)
> I have one extra comment: Cygwin introduces a number of security holes,
> which I have started to plug. The fixes to the biggest ones
> seem to be stalled, and there are still a number of other patches to come.
I've tested your patch already a while ago and it seemed to work fine.
It's Chris call.
> By introducing the root user on 2003 we are undoing positive steps taken by
Well, I don't see these steps as positive. To me it looks like healing
the effect, not the cause. From my point of view, the whole authentication
problems and the missing suid/sgid bit concept are a design flaw. YMMV.
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:email@example.com
Red Hat, Inc.