This is the mail archive of the cygwin-patches mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[Patch] Allow to disable root privileges with CYGWIN=noroot


For members of administrator group, Cygwin runs with root access rights. Cygwin enables the Windows backup and restore privileges which are not enabled by default.

This is IMO not desirable under all circumstances.

This patch adds a new flag to the Cygwin environment variable.
If 'CYGWIN=noroot' is set, the extra privileges are removed after Cygwin startup.


This allows to run a Cygwin shell with the same default access rights as cmd or explorer.


Testcase:


$ cd /cygdrive/c

$ ls -l 'System Volume Information'
----rwx---  1 root SYSTEM   0 Feb 22  2009 MountPointManagerRemoteDatabase
...

$ CYGWIN=noroot ls -l 'System Volume Information'
ls: cannot open directory System Volume Information: Permission denied


I'm sure there is something missing, so no changelog for now :-)


Christian

diff --git a/winsup/cygwin/environ.cc b/winsup/cygwin/environ.cc
index d4e003f..eff982d 100644
--- a/winsup/cygwin/environ.cc
+++ b/winsup/cygwin/environ.cc
@@ -33,6 +33,7 @@ details. */
 extern bool dos_file_warning;
 extern bool ignore_case_with_glob;
 extern bool allow_winsymlinks;
+extern bool use_root_privileges;
 bool reset_com = false;
 static bool envcache = true;
 static bool create_upcaseenv = false;
@@ -565,6 +566,23 @@ set_proc_retry (const char *buf)
   child_info::retry_count = strtoul (buf, NULL, 0);
 }
 
+static void
+set_root_mode (const char *buf)
+{
+  bool old_state = use_root_privileges;
+
+  if (!buf || !*buf)
+    use_root_privileges = false;
+  else
+    use_root_privileges = true;
+
+  if (use_root_privileges != old_state)
+    {
+      OpenProcessToken (hMainProc, MAXIMUM_ALLOWED, &hProcToken);
+      set_cygwin_privileges (hProcToken);
+    }
+}
+
 /* The structure below is used to set up an array which is used to
    parse the CYGWIN environment variable or, if enabled, options from
    the registry.  */
@@ -596,6 +614,7 @@ static struct parse_thing
   {"glob", {func: &glob_init}, isfunc, NULL, {{0}, {s: "normal"}}},
   {"proc_retry", {func: set_proc_retry}, isfunc, NULL, {{0}, {5}}},
   {"reset_com", {&reset_com}, justset, NULL, {{false}, {true}}},
+  {"root", {func: &set_root_mode}, isfunc, NULL, {{s:NULL}, {s:"yes"}}},
   {"strip_title", {&strip_title_path}, justset, NULL, {{false}, {true}}},
   {"title", {&display_title}, justset, NULL, {{false}, {true}}},
   {"tty", {NULL}, set_process_state, NULL, {{0}, {PID_USETTY}}},
diff --git a/winsup/cygwin/sec_helper.cc b/winsup/cygwin/sec_helper.cc
index 63be25c..c567dfd 100644
--- a/winsup/cygwin/sec_helper.cc
+++ b/winsup/cygwin/sec_helper.cc
@@ -406,15 +406,22 @@ out:
   return ret;
 }
 
+/* This may be set to false by 'CYGWIN=noroot' or by parent process
+   through fork().  */
+bool use_root_privileges = true;
+
 /* This is called very early in process initialization.  The code must
-   not depend on anything. */
+   not depend on anything.
+   Note: During fork() this is called twice:
+   first with use_root_privileges = always_true,
+   then with  use_root_privileges = inherited_from_parent.  */
 void
 set_cygwin_privileges (HANDLE token)
 {
-  set_privilege (token, SE_RESTORE_PRIVILEGE, true);
-  set_privilege (token, SE_BACKUP_PRIVILEGE, true);
+  set_privilege (token, SE_RESTORE_PRIVILEGE, use_root_privileges);
+  set_privilege (token, SE_BACKUP_PRIVILEGE, use_root_privileges);
   if (wincap.has_create_global_privilege ())
-    set_privilege (token, SE_CREATE_GLOBAL_PRIVILEGE, true);
+    set_privilege (token, SE_CREATE_GLOBAL_PRIVILEGE, use_root_privileges);
 }
 
 /* Function to return a common SECURITY_DESCRIPTOR that

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]