Windows 2003

Igor Pechtchanski
Fri Jul 11 13:14:00 GMT 2003

On Fri, 11 Jul 2003, Corinna Vinschen wrote:

> On Fri, Jul 11, 2003 at 08:44:10AM -0400, Igor Pechtchanski wrote:
> > On Fri, 11 Jul 2003, Corinna Vinschen wrote:
> >
> > > On Thu, Jul 10, 2003 at 05:05:55PM -0400, Pierre A. Humblet wrote:
> > > > I just reread the CreateProcessAsUser page. We do a RevertToSelf, so
> > > > we access the executable image in the security context of the caller.
> > > > Accessing C:\cygwin\bin\bash.exe isn't the issue, the error message
> > > > must be about some other path...
> > >
> > > I've just got it working with a non-SYSTEM user under which sshd is
> > > running.  The problem was a still missing user privilege.  The user
> > > starting sshd as service needs not only the "Create a token object"
> > > but also the "Replace a process level token" privilege, otherwise
> > > the CreateProcessAsUser fails.  After finding it it suddenly is clear
> > > why it didn't work.
> > >
> > > Corinna
> >
> > I guess it pays to read your own documentation:
> > <>... ;-)
> Actually I was sure that Admins have this right by default.  Well...
> > Should the above be updated with new privileges for Win2003, BTW?
> Yes, that would probably make sense.  However, before changing the
> documentation, we should consider how we want to go ahead in future.
> Since SYSTEM is now not the right account anymore to do this sort of
> stuff with and since we're just breaking things anyway (1.5.0-wise),
> it would be good to redefine how we want to handle all this security
> issues from now on.
> Just as an example:  Currently SYSTEM's uid 18 is used as a root uid
> and applications like cron or proftpd are relying on this uid being
> SYSTEM or, at least, a privileged account.
> OTOH, this is a bit of a nightmare when porting these applications
> since it requires a careful examiniation of code, like, e. g.
> `if (!uid) ...'.
> So (still as example) what about changing this to uid 0?  Anybody
> who needs to run service applications with special privileges should
> run them under the uid 0 account.  The uid 0 account could be created
> by a special script started from setup or from the command line.
> There's nothing keeping us from creating a Windows account "root"
> with Admin privileges plus all these dangerous "create token",
> "replace token" and "act as part of the OS" privileges.  Then we
> could use this one for all the dirty work.
> Corinna

I think changing the privileged UID to 0 (and the user name to "root")
will be consistent with Linux and also easy for people to understand.  In
fact, we could have *two* entries in /etc/passwd with the same SID but
different UIDs (the below is from my /etc/passwd):

   root:*:0:18:Local System,S-1-5-18:/root:/bin/bash
   SYSTEM:*:18:18:Local System,S-1-5-18::

I didn't muck around with groups in that one.
The SYSTEM username will still be supported, but apps could also use
"root" and UID 0.

Someone proposed adding a "useradd" utility to Cygwin.  This could be
fixed so that adding a user named "root" with UID 0 will give the account
the appropriate privileges (or use the SYSTEM account on WinNT/2k).
      |\      _,,,---,,_
ZZZzz /,`.-'`'    -.  ;-;;,_
     |,4-  ) )-,_. ,\ (  `'-'		Igor Pechtchanski, Ph.D.
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"I have since come to realize that being between your mentor and his route
to the bathroom is a major career booster."  -- Patrick Naughton

More information about the Cygwin-developers mailing list