This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: The eternal uid issue
- From: Andrey Repin <anrdaemon at yandex dot ru>
- To: "D. Boland" <daniel at boland dot nl>, cygwin at cygwin dot com
- Date: Wed, 23 Jul 2014 20:08:07 +0400
- Subject: Re: The eternal uid issue
- Authentication-results: sourceware.org; auth=none
- References: <53CF6CEC dot 6D68E485 at boland dot nl> <20140723091409 dot GH27005 at calimero dot vinschen dot de> <53CF9E0F dot F596FC60 at boland dot nl>
- Reply-to: cygwin at cygwin dot com
Greetings, D. Boland!
> Hi Corinna,
> Corinna Vinschen wrote:
>>
>> > Isn't it about time to make this our First Directive also?
>>
>> Not in relation to the uid. In contrast to Linux we don't have the one
>> single root user. We have potentially endless numbers of them, and one
>> of them, not necessarily SYSTEM, is used to run the service. Keep in
>> mind that there may also be company policy in place which disallows
>> installing services under specific accounts unless absolutely necessary.
>>
>> Therefore, while we mostly strive to make Cygwin accommodate user
>> space, we're not able to do it related to the root uid.
>>
> Thanks for your lengthly and detailed answer. I appreciate that. But don't you think
> upstream maintainers will raise at least one eyebrow if we propose code that makes
> any user who starts the program the root/admin user?
You obviously did not understand Corinna's reply.
And removed the part of reply that directly answer all your questions.
> You suggest only those who are in the admin group. But that will soon be any service
> that starts up.
That's essentially the same as starting services as root on *NIX system.
I fail to see the difference.
> It actually is my solution to running Sendmail: create the Sendmail user, called
> 'smmsp' and make it an Administrator, so it can impersonate users on my system.
> But I don't like my solution, because this would mean I have to create an admin-user
> for any Linux service that I install. So now my Cygwin setup would be crowded with
> highly privileged daemons, listening, waiting to get hacked.
Windows privilege model allow you to alleviate such concerns.
> The more elegant solution would be to create only one secondary privileged user,
> let's call it 'root' ;-). Now Sendmail can start as root, switch to the totally
> *unprivileged* 'smmsp' user and receive mail.
This is essentially what Cygwin is doing right now.
> Of course the real bonus is that these unprivileged users wouldn't need passwords,
> since they are impersonated, not logged on. These would consequently be
> *super-secure* users, because it is impossible to login with an empty password.
You'd be surprised.
> Why is this related to the uid issue?
Because there's no fixed UID. This is a core system difference, that you have
to live with.
> I already tested the second solution. I found out that if I assign my 'root'
> user the '0' id in /etc/passwd, it actually works. I was delighted, because
> I could roll-back all these weird changes I put in the
> Sendmail/procmail/mail.local source to fix the getuid != 0 problem.
/etc/passwd will soon be gone.
> If we go with this MS-imposed idea of "putting services in admin-context",
There's no such idea. You just imagined it.
> Cygwin security will be done for in the long run. Why not make the leap and
> show MS admins/developers how it should be done?
You really think they are all idiots?... Like, really?
--
WBR,
Andrey Repin (anrdaemon@yandex.ru) 23.07.2014, <20:01>
Sorry for my terrible english...
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple