Mail Archives: cygwin/2001/12/30/12:40:31

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Date: Sun, 30 Dec 2001 18:38:08 +0100
From: Corinna Vinschen <cygwin AT cygwin DOT com>
To: cygwin <cygwin AT cygwin DOT com>
Subject: Re: security.cc: bug report, question and suggestion
Message-ID: <20011230183808.S27340@cygbert.vinschen.de>
Mail-Followup-To: cygwin <cygwin AT cygwin DOT com>
References: <3 DOT 0 DOT 5 DOT 32 DOT 20011229152301 DOT 0083a1f0 AT pop DOT ne DOT mediaone DOT net> <3 DOT 0 DOT 5 DOT 32 DOT 20011229152301 DOT 0083a1f0 AT pop DOT ne DOT mediaone DOT net> <3 DOT 0 DOT 5 DOT 32 DOT 20011230112615 DOT 00813e60 AT pop DOT ne DOT mediaone DOT net>
Mime-Version: 1.0
In-Reply-To: <3.0.5.32.20011230112615.00813e60@pop.ne.mediaone.net>
User-Agent: Mutt/1.3.22.1i

On Sun, Dec 30, 2001 at 11:26:15AM -0500, Pierre A. Humblet wrote:
> At 11:15 PM 12/29/01 +0100, Corinna Vinschen wrote:
> You are reading my mind! I tried it without being administrator.
> Now open_local_policy () goes OK but in get_priv_list ()
> calls to LsaEnumerateAccountRights() (that succeed with 
> administrators privilege) fail with "access denied" (although
> you do specify the correct access rights in open_local_policy() )
> get_priv_list () returns privs = NULL, resulting in failure.

But that's ok.  Only privileged accounts need to access the
account rights to create a token.  I've found the following
KB article:

"HOWTO: Manage User Privileges Programmatically in Windows NT (Q132958)"

> I am also mind boggled by the behavior of setuid() running
> under cygrunsrv.
> Base case: user xxx runs program "prog" from the shell without admin
>            (but with CREATE_TOKEN) privs. prog does setuid(y). 
>            That fails, which is consistent with the previous paragraph.
> case 1: cygrunsrv -I ... -u xxx -p ...prog
>            setuid(y) fails, as expected.
> case 2: cygrunsrv -I .... -p ...prog
>            prog notices it is SYSTEM and setuid(xxx). That works as expected.
>            Now running as xxx, setuid(y) succeeds!
>            It looks like prog has inherited unexpected rights from SYSTEM...

Uh, that's a problem, perhaps.  The setuid() code is doing
the following currently:

    PSID sid = getsid (uid);            /* SID of the target uid */
    RevertToSelf ();                    /* end any impersonation: back to the primary token */
    HANDLE token = create_token (sid);  /* build a token for that SID */
    ImpersonateLoggedOnUser (token);    /* thread-level impersonation; the primary token is untouched */

Important here is the call to RevertToSelf() which always restores
all privileges of the original account who started the process.
This is only eliminated after an exec which substitutes the process
by a new process which is created using CreateProcessAsUser(token).

The privileged process will always keep its privileges since it's
always able to "RevertToSelf".

> While I am at it, here is another weird observation:
> base case above: prog reads some registry key. Succeeds.
> cases 1 and 2: prog reads some registry key. Access denied.
> But if xxx has admins privilege, prog can read the registry in 
> cases 1 and 2...
> Can this be explained somehow? It's all on a standalone Win2000.

Hmm, some debugging would help here, perhaps.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin AT cygwin DOT com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/
