This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[bug: login] login command with -f flag fails to switch user account.


I have found the login command with -f flag fails to switch
user account correctly.

This causes a severe security problem. User can get console
having cyg_server rights without password by following steps.

0.1. Install rsh-sever and rsh with inetutils packages.
0.2. Set them up to work properly.

1.1. Make ~/.rhosts with line 'localhost'
1.2. Execute 'rlogin localhost'.

Now you can get the cyg_server rights.

This is caused by bug of login command. With the settings
above, rlogind is executed as cyg_server account. If .rhosts
is valid, rlogind executes login command with -f flag.

This should switch the user account to the user specified.
However, login command fails to switch the account.
As a result, shell is executed as cyg_server account
instead of specified user account.

I looked into this problem, and found the bug is in login.c.

The account information of targeted user is set to a pointer:
struct passwd *pwd;
by calling getpwnam(username).

This pointer points the system static area. This area is
overwritten with the account information of current user,
i.e. cyg_server, by calling getpwuid(uid) in isROOT_UID().

getpwnam() and getpwuid() seems to share the same system area.

login calls setuid(pwd->pw_uid) and setgid(pwd->pw_gid) to
switch the account, however area pointed by pwd is already
overwritten to the information of current user.

As a result, the account switching is done to the same user
account (cyg_server) though it should be done to the account

Above is the mechanism of this bug.

Takashi Yano <>

Problem reports:
Unsubscribe info:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]