This is the mail archive of the
cygwin-patches@cygwin.com
mailing list for the Cygwin project.
Re: exec after seteuid
Corinna Vinschen wrote:
>
> On Mon, Jun 09, 2003 at 12:43:13PM -0400, Pierre A. Humblet wrote:
> > Corinna Vinschen wrote:
> > > it changes the impersonated access token if priv_gid is in the group
> > > list of the new users token.
> >
> > Nope. The token is only changed by set(e)uid(), never by set(e)gid().
> > Set(e)gid only changes the default group in the token, not the token
> > itself (that's your design, or perhaps even older, and it's just fine).
>
> There's SetTokenInformation(TokenPrimaryGroup) called in setegid32.
Yes, but it's a misleading name. It only affects the (default) group of
files created by Windows programs launched by Cygwin.
Also, starting with Win2000, such a call will fail in the case when the
group given as argument is not in the token groups.
> > But the intermediate switch back to 18 will then create a new token and
> > discard the token given by cygwin_set_impersonation_token.
>
> Why should it? If the group hasn't changed before, the seteuid(priv_uid)
> reverts to the original uid/gid combination. That's exactly the case
> which should result in calling RevertToSelf() and nothing else.
Right, but if the gid hasn't changed before, the initial setuid(user) may
have created a new token (and discarded the token we want to use :( ).
See previous mail. Otherwise you end up running with a gid that's not in
your token groups. That can lead to all kinds of troubles.
Pierre