This is the mail archive of the cygwin-developers@cygwin.com mailing list for the Cygwin project.
Re: Problems on accessing Windows network resources
On Tue, Jun 10, 2003 at 12:50:18PM -0400, Pierre A. Humblet wrote:
> > I'm wondering if we can't simply make the assumption, that when the
> > application calls seteuid(orig_uid) just triggers a RevertToSelf()
> > and nothing else. I don't know a case where the application reverts
> > to orig_uid to keep the group rights. Do you know one?
>
> I have met that case, for example when you send mail to SYSTEM with
> exim (sending mail to root). There is at some point a token
> with the pair (mail_gid, system_uid).
> However we can add a test to detect that: if the application
> calls seteuid(orig_uid) AND there has not been a setegid call
> since the last seteuid(), then RevertToSelf.
Somehow this seems to fit into the below description. If the application
didn't call setegid() and seteuid(orig_sid), revert, else impersonate...
roughly speaking.
> We would have to change myself->gid to orig_gid as well, remember the
> one we had before the RevertToSelf, and switch back to it on the
> next seteuid.
> An advantage of this approach is that we never create an unnecessary
> token for the pair (user_gid, orig_uid).
>
> > And the other way around, if the application provides a token with
> > cygwin_set_impersonation_token(), then that means, IMHO:
> >
> > - The application calls setegid() with gid != token_primary_group_gid:
> >
> > trigger create_token in a later call to seteuid()
> >
> > - The application calls setegid() with gid == token_primary_group_gid:
> >
> > Use token from cygwin_set_impersonation_token().
> >
> > - The application doesn't call setegid():
> >
> > Ditto.
> >
> > Case 3 is the interesting one.
>
> I would modify it as follows: if the application doesn't call setegid(),
> and there is a saved_gid, use that gid (and the token that goes with
> the pair).
Ahm... what saved_gid? I don't understand.
> I can still do that this evening.
Would be nice.
Corinna
--
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.
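
The decision rules discussed in this message, written out as an added C sketch that is not part of the original mail and is not Cygwin source. The struct, the `model_*` functions and the numeric ids are hypothetical; the saved-gid handling questioned above is not modelled.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model of the rules in the thread; not Cygwin source. */
enum action { REVERT_TO_SELF, USE_PROVIDED_TOKEN, CREATE_TOKEN };

struct cred_state {
    int  orig_uid;               /* uid the process started with */
    int  egid;                   /* current effective gid */
    bool setegid_since_seteuid;  /* setegid() seen since the last seteuid() */
    bool have_token;             /* cygwin_set_impersonation_token() was called */
    int  token_primary_gid;      /* primary group of that token */
};

static void model_setegid(struct cred_state *s, int gid)
{
    s->egid = gid;
    s->setegid_since_seteuid = true;
}

/* Returns what seteuid(uid) would do to the thread's identity. */
static enum action model_seteuid(struct cred_state *s, int uid)
{
    enum action a;

    if (uid == s->orig_uid)
        /* Plain return to the original user reverts; after a setegid()
           the (gid, orig_uid) pair is wanted, so impersonate instead. */
        a = s->setegid_since_seteuid ? CREATE_TOKEN : REVERT_TO_SELF;
    else if (s->have_token &&
             (!s->setegid_since_seteuid || s->egid == s->token_primary_gid))
        a = USE_PROVIDED_TOKEN;   /* cases 2 and 3 of the list */
    else
        a = CREATE_TOKEN;         /* case 1, or no token was supplied */

    s->setegid_since_seteuid = false;
    return a;
}

int main(void)
{
    /* Constructed ids: 18 stands for the original uid, 600 for a mail gid. */
    struct cred_state s = { .orig_uid = 18, .egid = 544 };
    printf("%d\n", model_seteuid(&s, 18));   /* no setegid: revert */
    model_setegid(&s, 600);
    printf("%d\n", model_seteuid(&s, 18));   /* setegid seen: impersonate */
    return 0;
}
```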