This is the mail archive of the
mailing list for the Cygwin project.
Re: Corinna or Pierre please comment? [firstname.lastname@example.org: Re: setuid
On Fri, Jul 19, 2002 at 10:42:58AM -0400, Pierre A. Humblet wrote:
> Right, I had not considered that. However it's a moot point
> because create_token is only called from seteuid, which checks
> that prgpsid isn't NULL (same for usersid). So we can go three ways:
> - apply the patch and move on.
> - go all the way and remove the test for NULL pgrpsid
> (we don't check NULL usersid either)
> - go back to the way it was, either I produce a new patch or I revert
> that part later.
I've choosen the first one and applied your patch.
> It's fine. The idea (see old mail) is that if the pgrpsid is special because
> setgid has set a gid that is not in passwd nor in the aux groups, nor in
> the Windows equivalents, (this happens e.g. with mailers setgid to the
> "mail" group), then the token has more rights than what the user
> normally has when she logs in. verify_token is then stricter
> with that token.
> The same kind of issues, just more complicated, occur with setgroups().
> I will revisit the whole thing.
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:email@example.com
Red Hat, Inc.