exec after seteuid

Pierre A. Humblet Pierre.Humblet@ieee.org
Sat Jun 7 13:40:00 GMT 2003


Corinna,

I was thinking about the seteuid question on the list.
It seems to me that we can easily handle the simple case,
where only the euid has changed, the real uid is still
the original uid. Basically it's like the fork case.

Here is a candidate patch. I don't want to start sinking
test time before you have a chance to tell me it won't work,
or improve it.

If both uids have changed, then we need to build two
tokens. That's a big job.

Pierre


Index: spawn.cc
===================================================================
RCS file: /cvs/src/src/winsup/cygwin/spawn.cc,v
retrieving revision 1.122
diff -u -p -r1.122 spawn.cc
--- spawn.cc    3 Jun 2003 02:32:49 -0000       1.122
+++ spawn.cc    7 Jun 2003 13:26:18 -0000
@@ -622,7 +622,7 @@ spawn_guts (const char * prog_arg, const
   cygbench ("spawn-guts");
 
   cygheap->fdtab.set_file_pointers_for_exec ();
-  if (!cygheap->user.issetuid ())
+  if (cygheap->user.orig_uid == cygheap->user.real_uid)
     {
       PSECURITY_ATTRIBUTES sec_attribs = sec_user_nih (sa_buf);
       ciresrv.moreinfo->envp = build_env (envp, envblock,
ciresrv.moreinfo->envc,
/src/winsup/cygwin: cvs diff -up uinfo.cc 
Index: uinfo.cc
===================================================================
RCS file: /cvs/src/src/winsup/cygwin/uinfo.cc,v
retrieving revision 1.112
diff -u -p -r1.112 uinfo.cc
--- uinfo.cc    27 Feb 2003 17:41:15 -0000      1.112
+++ uinfo.cc    7 Jun 2003 13:26:33 -0000
@@ -107,8 +107,14 @@ uinfo_init ()
     {
       if (!child_proc_info)
        internal_getlogin (cygheap->user); /* Set the cygheap->user. */
-      else
+      else if (cygheap->user.orig_uid != cygheap->user.real_uid)
        CloseHandle (cygheap->user.token);
+      else 
+        {
+          if (!ImpersonateLoggedOnUser (cygheap->user.token))
+           system_printf ("Impersonate for execed failed: %E");
+         return;
+       }
       cygheap->user.set_orig_sid ();   /* Update the original sid */
       cygheap->user.token = INVALID_HANDLE_VALUE; /* No token present */
     }



More information about the Cygwin-developers mailing list