This is the mail archive of the cygwin-developers mailing list for the Cygwin project.



Re: Request for help debugging screen problem


Hi Corinna,

On 5/02/2010 3:44 PM, Corinna Vinschen wrote:
On Feb 5 15:08, Shaddy Baddah wrote:
Also, unless you have CYGWIN=server set, this code should not be used
by the pty handler so I don't know why you're looking here.

The answer to Corinna's question may answer that. The situation is that I cannot reattach to a screen session from when logged in via ssh on a Vista or Windows 7 install (which has CYGWIN=server set, right? To be honest, I have lost track of my tinkering involving cygserver (which wasn't set up when the problem initially presented)). The same sessions can be attached by the same user using a desktop mintty session. And in this particular case, the user is non-Administrator.

  The message gets clobbered by the screen clear, but if you use
strace, the error message seen is:

   185   26254 [main] screen 4812 C:\software\cygwin\bin\screen.exe:
*** fatal error - couldn't initialize fd 0 for /dev/tty2

The issue is almost definitely related to the privilege model on
these OSes, as, as I expected, XP doesn't present with the same
problem. It also does not present if I ssh into the unlocked
Administrator account. It of course does present if logged into an
Administrators grouped user account other than the standard
Administrator user.

Really? The user token you're running under should be the elevated admin token with full admin rights, at least as long as you have logged in via ssh. Hmm. Except, if you have logged in via pubkey authentication and you're using the user context switch method 1: http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd1 In that case I don't know if the hand-crafted user token is really accepted in terms of mandatory integrity tests, even though the token contains the integrity SID.

I am logging in using a password to an sshd configured using ssh-host-config. I log in as a regular user only in the Users group, or a user in the Administrators group. Either way, the situation is the same. It is only as the true (unlocked) Administrator that I can reattach to screen sessions.


I thought it was common knowledge that logging in to an Administrators grouped user in Vista or Windows 7 is not enough to defeat the (default) UAC, and you remain unelevated from a privilege standpoint. That is why I have no choice but to unlock the genuine Administrator (and rename it just in case).


The strace revealed that the int fhandler_tty_slave::open(int,
mode_t) called was returning EACCES in this way:

    44   25864 [main] screen 4812 fhandler_tty_slave::open: cannot
dup handles via server. using old method.

I'm glad to read that. So it has nothing to do with cygserver. On the contrary, is it possible that this works fine if cygserver is running in this case?

   116   25980 [main] screen 4812 fhandler_tty_slave::open: can't
open tty (2) handle process 3748
    33   26013 [main] screen 4812 seterrno_from_win_error: /cygdrive/z/shaddybaddah.name-projects/cygwin-master.git/winsup/cygwin/fhandler_tty.cc:556
windows error 5

I assume the original screen pty has been opened by the same user? In which session type, ssh, local desktop, or remote desktop?

    29   26042 [main] screen 4812 geterrno_from_win_error: windows
error 5 == errno 13
    27   26069 [main] screen 4812 __set_errno: void
seterrno_from_win_error(const char*, int, DWORD):319 val 13
   185   26254 [main] screen 4812 C:\software\cygwin\bin\screen.exe:
*** fatal error - couldn't initialize fd 0 for /dev/tty2

I was hoping to detect what the differences in privileges/tokens???
between the regular desktop session, and the ssh session are. In
that way, I was hoping to understand why ReadFile was denying
access, and see if I could tweak some of the named pipe creation
flags. This is all very uninformed, but I was hoping to learn along
the way.

As I mentioned above, this could be related to integrity checking. If you're using user context switch method 1, try with method 2 or 3: http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd2 http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd3

Doesn't apply because I'm using a password, right?


Regards,
Shaddy
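
Added example, not part of the original message or of Cygwin's code: one way to compare the tokens of the desktop session and the ssh session discussed above, by parsing the output of Windows' own `whoami.exe /groups /fo csv` (run from the System32 directory, since Cygwin's `whoami` is the coreutils one) captured in each session. The two captures below are constructed samples, not output from the poster's machines, and the function names are hypothetical.

```python
import csv
import io

# Well-known mandatory integrity level SIDs (Windows Vista and later).
INTEGRITY = {"S-1-16-4096": "low", "S-1-16-8192": "medium",
             "S-1-16-12288": "high", "S-1-16-16384": "system"}
ADMINS_SID = "S-1-5-32-544"  # BUILTIN\Administrators

def summarize(csv_text):
    """Reduce `whoami /groups /fo csv` output to integrity, admin state, SIDs."""
    info = {"integrity": None, "admins": "absent", "sids": set()}
    for row in csv.reader(io.StringIO(csv_text)):
        # Columns are: group name, type, SID, attributes. Skip header/blank rows.
        if len(row) < 4 or not row[2].startswith("S-1-"):
            continue
        sid, attrs = row[2].strip(), row[3].lower()
        info["sids"].add(sid)
        if sid in INTEGRITY:
            info["integrity"] = INTEGRITY[sid]
        elif sid == ADMINS_SID:
            # A UAC-filtered token keeps the group but marks it deny-only.
            info["admins"] = "deny-only" if "deny only" in attrs else "enabled"
    return info

def compare(a, b):
    """Return only the fields that differ between two session summaries."""
    diff = {k: (a[k], b[k]) for k in ("integrity", "admins") if a[k] != b[k]}
    only_a, only_b = a["sids"] - b["sids"], b["sids"] - a["sids"]
    if only_a or only_b:
        diff["sids"] = (sorted(only_a), sorted(only_b))
    return diff

# Constructed sample captures (assumed shapes, for illustration only).
ON = "Mandatory group, Enabled by default, Enabled group"
HEADER = '"Group Name","Type","SID","Attributes"\n'
DESKTOP_CSV = HEADER + (
    f'"Everyone","Well-known group","S-1-1-0","{ON}"\n'
    '"BUILTIN\\Administrators","Alias","S-1-5-32-544","Group used for deny only"\n'
    '"Mandatory Label\\Medium Mandatory Level","Label","S-1-16-8192",""\n')
SSH_CSV = HEADER + (
    f'"Everyone","Well-known group","S-1-1-0","{ON}"\n'
    f'"BUILTIN\\Administrators","Alias","S-1-5-32-544","{ON}"\n'
    '"Mandatory Label\\High Mandatory Level","Label","S-1-16-12288",""\n')

if __name__ == "__main__":
    print(compare(summarize(DESKTOP_CSV), summarize(SSH_CSV)))
```

A difference in the integrity label or in the deny-only state of the Administrators group between the session that created the pty and the session trying to reattach is the kind of token mismatch the thread is trying to pin down.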

