Mail Archives: cygwin/2004/10/18/08:50:20
Corinna Vinschen schrieb:
> On Oct 17 22:43, Reini Urban wrote:
>>I've taken Mark's coreutils patches, the proposed fileutils patches, and
>>some of Bas latest patches (ignore errors) and tried to build a package.
>>Builds fine, just some fixes for setuid processing in make install need
>>to be done. (for su)
>>
>>http://xarch.tu-graz.ac.at/publ/cygwin/coreutils/
>>
>>But while we are here some questions, mostly to Corinna:
...
>>su:
>>ok, su was never ported to cygwin. I did read the archives, esp.
>>http://www.cygwin.com/ml/cygwin/2003-06/msg00897.html
>>Idea: Logon as Administrator, not as SYSTEM.
>>But if already SYSTEM avoid asking for passwords.
>>And use the login cygwin_logon_user() code.
>>
>>But: cygwin_logon_user always fails, even in a sysbash.
>
> Hmm, it works in login(1) and in ftpd(8), right?
Thanks. That's the list I wanted to hear.
No, it didn't work there. After enabling the user login(1) works ok from
SYSTEM (a sysbash).
> However, this isn't really su functionality since you need special
> user rights which the standard user (even admin) doesn't have. The
> su functionality always needs a server application which has the
> permissions to create a new user token one way or the other.
>
> I would omit su from coreutils. There's no gain to support it in a
> windows environment. The functionality is a subset of what a local
> sshd installation allows, but with more security implications.
su could check for a local sshd daemon running and try a local ssh
session then. looks like a larger hack.
>>And, how to support empty password accounts?
>>cygwin_logon_user fails with set_errno(EINVAL);
>
> Is the account disabled, perhaps? Please note that there are additional
> Windows security settings which you have to take into account.
Yes.
But despite all limitations it sounds useful to have.
Compared to removing su(1) from coreutils.
If called from a unprivileged account it should not print
"su: incorrect password", just something like "cannot setuid", or
"can only setuid as SYSTEM".
Same for login(1). Even with correct password it prints "Login
incorrect", if the password is correct or incorrect. I would vastly
prefer printing a better error message on a correct password. Same as
for su(1).
>> Can we use subauth/cygsuba.c then?
>
> No. It's dead, Jim. It's kept for historical purposes (like, say
> excavations of temples of the Cygwin sect in 1000+ years).
Indeed, looked like a prehistoric MSDN-style excavation.
> If we ever get the input for how to create a real authentication module,
> we can probably resurrect parts of the existing code.
That would be really great! How?
I thought about a cygserver extension to change the security tokens for
processes: su(1), sudo(1), but generally seteuid(3) calls and setuid
(u+s) scripts.
Also PAM and/or NSS support in cygserver would be really cool.
NSS only needs to be added to libc (How do the newlib folks think about
that? NIS was not accepted AFAIK),
PAM and generic set{,e}uid(3) would need a cygsspi.dll (Security Support
Provider Interface), used by cygserver probably.
Replace GINA? But would people use that? Maybe.
Isn't there some sample GINA code to use in MSDN?
Haven't got that lately.
--
Reini Urban
http://xarch.tu-graz.ac.at/home/rurban/
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
- Raw text -