uw-imap-imapd: suggestions for cyg_server issue

Pierre A. Humblet Pierre.Humblet@ieee.org
Fri Feb 12 02:18:00 GMT 2010


At 06:11 PM 2/11/2010, Shaddy Baddah wrote:
>Hi Pierre,
>
>On 11/02/2010 10:39 PM, Pierre A. Humblet wrote:
>>The problem you will run into is that 544 can be changed (e.g. to 0).
>>It's better to learn it dynamically.
>>The following is from the cron package source code.
><snip>
>
>Thanks for that. Yes, I have a similar patch I made in my experimental
>branch. I make one, IMO, slightly stronger assumption (than having a
>fixed RID) that enables the check to be all POSIX.
>
>I assume that the correct SID is always in the password field for both
>passwd and group. I then search these files for the SIDs of SYSTEM
>user and Administrators group. The checks from there are the same.
>
>The problem with this patch is, for consistency, I would have had to
>do the same for checkpw() in imap-2007/src/osdep/unix/ckp_cyg.c,
>which also assumes SYSTEM RID. This had two problems, a) increased
>complexity, b) my method to eliminate cyg_server is to eliminate
>Administrators. Firstly, I wouldn't be able to check for this using
>pure POSIX, as I don't get the luxury of getgroups() until after the
>user is logged in. Secondly, many users are in the Administrators
>group. It would not do to eliminate them from logging in. I would need
>some other heuristic to detect the cyg_server user (if I want to avoid
>a known names list, like csih helper).
>
>Thanks,
>Shaddy
>
>PS: Respectfully, you may want to do
>http://cygwin.com/acronyms/#PCYMTNQREAIYR to avoid the below
>situation. Thanks in advance.

Sorry for not removing your e-mail address, I try not to forget.
I don't know imap nor the consequences of "performing the emulation"
when it's not required, just avoiding using a fixed 544.

A stronger test would be to get the privileges, but I don't know how
to do that with POSIX.
Perhaps we could add a cygwin_internal() call to detect that, if it's
really necessary.

A POSIX but somewhat cumbersome test would be to seteuid to any other
existing uid (e.g. system).
If it succeeds, it's privileged and you can setuid back to what you
started from.
Just brainstorming....

Pierre
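
The seteuid probe suggested in the message above, as an added example (not part of the original message and not code from the cron or uw-imap packages). The function name `can_switch_euid` and the default target uid in `main` are assumptions made for illustration; the caller picks the "other existing uid".

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Probe whether this process may switch its effective uid to `other`.
 * Returns  1 if the switch succeeded (and was undone),
 *          0 if it was refused (errno copied to *probe_errno),
 *         -1 if `other` already is the effective uid, so nothing was tested.
 */
int can_switch_euid(uid_t other, int *probe_errno)
{
    uid_t saved = geteuid();

    if (probe_errno)
        *probe_errno = 0;
    if (other == saved)
        return -1;

    if (seteuid(other) != 0) {
        if (probe_errno)
            *probe_errno = errno;
        return 0;
    }

    /* Switch back and verify it; carrying on under the probed identity
       would be worse than terminating. */
    if (seteuid(saved) != 0 || geteuid() != saved) {
        perror("seteuid (restore)");
        abort();
    }
    return 1;
}

int main(int argc, char **argv)
{
    int err;
    /* Target uid from the command line; the fallback is an arbitrary constructed value. */
    uid_t target = (argc > 1) ? (uid_t)strtoul(argv[1], NULL, 10) : geteuid() + 1;
    int r = can_switch_euid(target, &err);

    printf("seteuid(%lu): %s\n", (unsigned long)target,
           r == 1 ? "allowed" : r == 0 ? strerror(err) : "same uid, inconclusive");
    return 0;
}
```

The probe changes process-wide identity for a moment, so it belongs in single-threaded start-up code, before any request is handled.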
   



More information about the Cygwin-apps mailing list