This is the mail archive of the mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: setreuid


hope you still remember this thread :)

On Fri, Oct 17, 2003 at 03:52:03PM +0200, Corinna Vinschen wrote:
> > > Start a
> > > service under system account as inetd and let it handle the user context
> > > switch.
> > Thanks for the tip, I'll do so.
> To be more correct:  Start inetd or xinetd as service, and add rsync to
> /etc/inetd.conf or /etc/xinetd.d/.  Or, if rsync can handle this (I don't
> know), start it directly from cygrunsrv also under SYSTEM account.

I've played with all alternatives, and everything works fine (BTW, it
was a TFTP server).

After some thinking I decided to keep the setup as simple as possible,
and not to use inetd. So, I have the following options:

1. Patch the server not to use setreuid, install it as a service and run
   it as SYSTEM.

2. Install the server as a service, give the SYSTEM user "Create a token
   object" privilege and let the server setreuid to nobody.

3. Install the server as a service to be run as nobody or as a special
   user just for this service (say, "tftp").

I am personally inclined to use (1). It seems to me that (2) brings more
risk than security, and that (3) differs not much from (1). What do you
think? Do you think (1) is the best solution? Which one would you

Thanks in advance,

Unsubscribe info:
Problem reports:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]