Problems on accessing Windows network resources

Corinna Vinschen
Tue Jun 10 17:00:00 GMT 2003

On Tue, Jun 10, 2003 at 12:50:18PM -0400, Pierre A. Humblet wrote:
> > I'm wondering if we can't simply make the assumption, that when the
> > application calls seteuid(orig_uid) just triggers a RevertToSelf()
> > and nothing else.  I don't know a case where the application reverts
> > to orig_uid to keep the group rights.  Do you know one?
> I have met that case, for example when you send mail to SYSTEM with 
> exim (sending mail to root). There is at some point a token 
> with the pair (mail_gid, system_uid). 
> However we can add a test to detect that: if the application
> calls seteuid(orig_uid) AND there has not been a setegid call
> since the last seteuid(), then RevertToSelf.  

Somehow this seems to fit into the below description.  If the application
didn't call setegid() and seteuid(orig_sid), revert, else impersonate...
roughly spoken.

> We would have to change myself->gid to orig_gid as well, remember the
> one we had before the RevertToSelf, and switch back to it on the
> next seteuid.
> An advantage of this approach is that we never create an unnecessary
> token for the pair (user_gid, orig_uid).
> > And the other way around, if the application provides a token with
> > cygwin_set_impersonation_token(), then that means, IMHO:
> > 
> > - The application calls setegid() with gid != token_primary_group_gid:
> > 
> >         trigger create_token in a later call to seteuid()
> > 
> > - The application calls setegid() with gid == token_primary_group_gid:
> > 
> >         Use token from cygwin_set_impersonation_token().
> > 
> > - The application doesn't call setegid():
> > 
> >         Ditto.
> > 
> > Case 3 is the interesting one.
> I would modify it as follows: if the application doesn't call setegid(),
> and there is a saved_gid, use that gid (and the token that goes with
> the pair).

Ahm... what saved_gid?  I don't understand.

> I can still do that this evening.

Would be nice.


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                      
Red Hat, Inc.
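
The rules proposed in this thread, written out as a small decision model. This is an added example, not part of the original message and not Cygwin source: `struct proc`, `model_setegid()`, `model_seteuid()` and the numeric ids are hypothetical. Checking the revert test first, and falling back to create_token when no token was supplied, are assumptions of the model.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model of the rules discussed in this thread; not Cygwin code. */
enum action { REVERT_TO_SELF, USE_SUPPLIED_TOKEN, CREATE_TOKEN };

struct proc {
    int  orig_uid;          /* uid the process started with */
    int  egid;              /* current effective gid */
    bool egid_set;          /* setegid() called since the last seteuid() */
    bool have_token;        /* cygwin_set_impersonation_token() was called */
    int  token_primary_gid; /* primary group of that supplied token */
};

static void model_setegid(struct proc *p, int gid)
{
    p->egid = gid;
    p->egid_set = true;
}

static enum action model_seteuid(struct proc *p, int uid)
{
    enum action a;

    if (uid == p->orig_uid && !p->egid_set)
        a = REVERT_TO_SELF;       /* seteuid(orig_uid), no setegid since last seteuid */
    else if (p->have_token && (!p->egid_set || p->egid == p->token_primary_gid))
        a = USE_SUPPLIED_TOKEN;   /* cases 2 and 3: gid matches, or setegid not called */
    else
        a = CREATE_TOKEN;         /* case 1, or a (gid, uid) pair with no usable token */
    p->egid_set = false;          /* the "since the last seteuid()" window restarts */
    return a;
}

int main(void)
{
    static const char *name[] = { "RevertToSelf", "supplied token", "create_token" };
    /* Constructed ids: 18 = orig_uid (SYSTEM), 1000 = user, 600 = mail gid, 513 = token group */
    struct proc p = { .orig_uid = 18, .egid = 544 };

    printf("seteuid(orig_uid) alone:         %s\n", name[model_seteuid(&p, 18)]);
    model_setegid(&p, 600);       /* the exim case: pair (mail_gid, system_uid) */
    printf("setegid(mail); seteuid(orig):    %s\n", name[model_seteuid(&p, 18)]);
    p.have_token = true; p.token_primary_gid = 513;
    printf("token set, no setegid:           %s\n", name[model_seteuid(&p, 1000)]);
    model_setegid(&p, 600);
    printf("token set, setegid(other gid):   %s\n", name[model_seteuid(&p, 1000)]);
    return 0;
}
```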
