This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

RE: 1.3.22: child real uid gets parent's effective uid

From: "Snively, John P (John)" <eeyore at lucent dot com>
To: "'cygwin at cygwin dot com'" <cygwin at cygwin dot com>
Date: Sun, 8 Jun 2003 16:52:31 -0400
Subject: RE: 1.3.22: child real uid gets parent's effective uid

Corinna,
Granted there's nothing in Windows corresponding to Unix's distinction
between real and effective uid, but could not cygwin maintain the data as
part of its own process accounting? 

Not doing so might seem justified given what Windows is "really" doing, but
it undermines cygwin's support for porting setuid applications.   (Among
other things, it compromises the security checks Perl builds around setuid
scripts.)  And many Unix applications rely on having both uid's to control
permissions at the application level, maintain an audit trail, ensure that
files are created with the right ownership, etc.
     John

-----Original Message-----
From: Corinna Vinschen [mailto:corinna-cygwin@cygwin.com]
Sent: Saturday, June 07, 2003 5:52 AM
To: 'cygwin@cygwin.com'
Subject: Re: 1.3.22: child real uid gets parent's effective uid


On Fri, Jun 06, 2003 at 04:20:43PM -0400, Snively, John P (John) wrote:
> 
> I changed the effective uid of my app's process using seteuid, and printed
> out the real and effective uid's obtained via getuid and geteuid.  No
> surprises, until I tested running a child process via system() and
printing
> ITS real and effective uid's.  The effective AND real uid of the child are
> set to the effective uid of the parent -- ouch:
> 
> before changing euid:
> child: euid: 25313 ruid: 25313
> parent: euid: 25313 ruid: 25313
> 
> setting euid to 500
> child: euid: 500 ruid: 500
> parent: euid: 500 ruid: 25313
> 
> Any way around this?

Not easily. The difference between real and effective uid is just plain
fake.  Windows doesn't support that difference, there's just one uid
(better: owner SID) attached to a process.  So each new process begins
its life with euid == ruid.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]