Mail Archives: cygwin/2004/10/18/06:57:16
On Oct 17 22:43, Reini Urban wrote:
> I've taken Mark's coreutils patches, the proposed fileutils patches, and
> some of Bas latest patches (ignore errors) and tried to build a package.
> Builds fine, just some fixes for setuid processing in make install need
> to be done. (for su)
>
> http://xarch.tu-graz.ac.at/publ/cygwin/coreutils/
>
> But while we are here some questions, mostly to Corinna:
>
> sync:
> sync is a no-op in cygwin. Shouldn't we print a warning when calling
> sync.exe?
I don't think it's necessary. Since sync is a noop, it doesn't hurt
to call it. I would go a step further. Just omit sync from the
Cygwin release of coreutils.
> su:
> ok, su was never ported to cygwin. I did read the archives, esp.
> http://www.cygwin.com/ml/cygwin/2003-06/msg00897.html
>
> I've taken the liberty to use some code form corinna's login package and
> applied these changes to su, to do something useful at the password
> prompt and the setuid then.
> Without these patches the password prompt is entirely bogus.
> Only a minor change from setuid to seteuid had to be done.
>
> Also:
> /* The user to become if none is specified. */
> #ifdef __CYGWIN__
> #define DEFAULT_USER "Administrator"
> #define ROOT_UID 18 // system
> #else
> #define DEFAULT_USER "root"
> #define ROOT_UID 0
> #endif
>
> Idea: Logon as Administrator, not as SYSTEM.
> But if already SYSTEM avoid asking for passwords.
> And use the login cygwin_logon_user() code.
>
> But: cygwin_logon_user always fails, even in a sysbash.
Hmm, it works in login(1) and in ftpd(8), right?
However, this isn't really su functionality since you need special
user rights which the standard user (even admin) doesn't have. The
su functionality always needs a server application which has the
permissions to create a new user token one way or the other.
I would omit su from coreutils. There's no gain to support it in a
windows environment. The functionality is a subset of what a local
sshd installation allows, but with more security implications.
> And, how to support empty password accounts?
> cygwin_logon_user fails with set_errno(EINVAL);
Is the account disabled, perhaps? Please note that there are additional
Windows security settings which you have to take into account.
> Can we use subauth/cygsuba.c then?
No. It's dead, Jim. It's kept for historical purposes (like, say
excavations of temples of the Cygwin sect in 1000+ years). If we
ever get the input for how to create a real authentication module,
we can probably resurrect parts of the existing code.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader mailto:cygwin AT cygwin DOT com
Red Hat, Inc.
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
- Raw text -