Mail Archives: cygwin/2018/06/06/09:21:04

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2018/06/06/09:21:04

X-Recipient: archive-cygwin AT delorie DOT com

DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:mime-version:from:date:message-id:subject:to

:content-type; q=dns; s=default; b=KNt0wsc35FUOd9EK4BAupWEll8Tls

ayZmsaeOHvv6VPwxRlz89qmxhsoL+Wzj/VM06EhaPgjM05PBZV8xgfQy6G+s0OYp

Q5fj0Nb/gZjTcFyoPe2jPpN3R6tfyu9DmwUE/nB1NOd10Iq3w0jyH5e2QwbGotN5

0M76L/HmuA4Zys=

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:mime-version:from:date:message-id:subject:to

:content-type; s=default; bh=HquHsn7DNIAyooJS7+yiUvGtstk=; b=QL6

FieXLLFra8VdhpIrNLng7SQdjBX1r9ZXCZ4dJzy4n4f6i6hMmL9JVyYFO7JWQC3F

R5lDROw2fk3tUKXNnCxBgkip5XQ9UqOWuQumJuoCsZ7DYOKqmgvne1cWb9ECXqLZ

W7/QiHXJTN9QCcGAI7+eqBd2eFk3mWV1iieSPpfQ=

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Authentication-Results: sourceware.org; auth=none

X-Virus-Found: No

X-Spam-SWARE-Status: No, score=-2.1 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.2 spammy=UD:M, services

X-HELO: mail-wr0-f169.google.com

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=AaOkAg0bFzw2KVe5SZahoBiAq5p3lt/5+GwQRbvtkZA=; b=jC16w8PQFRW+4Vjl7Ew+DI6+Dm98yHX3qJ5q8uMcoVHRGsNomXiLM3v5tw/E/+gkYa yFBXDvNx3fI1LWZ5FXa5Alsqg66lfoppQEncgeYFuF7yGJkS4Rc6KUfG4CXBLp3k1bSh gVYtOD+LT9U6pdO7J7dkJR11J/U21pTUqJX9Ruz5xaTU6+lPvCV2dQZY9gLzG7kE+0GT sAfAwWwTK4UCEkLK9aP0p22+aIKhiJkn85VmI5Zj4jCMXFRyGqEnWufik1XkkbdWjU5u OLxQ8d1GFAKo7O+xCbKOZzGdYsKoibZgrn6U3o2n/7cwoUOb5uW82+ZY4MBkMFvV7810 0/vQ==

X-Gm-Message-State: APt69E2dXlWyDcMiOvGqm7a4Yq3xHNtVFQCVEnSiqKeezJ3n2OtV0hxa Wm4hy64XQfCERXLjgq9QMi2X66yvVu/GO6z0GhtKZBL9

X-Google-Smtp-Source: ADUXVKJBDWvjbxTJkPGpoYL7B218+stHrqpoGF94ZjTITqUB5IkK8G9jCxA45sDUbtmlwFWnCfA8N7f6bAkagFM7NZE=

X-Received: by 2002:adf:a686:: with SMTP id t6-v6mr2316830wrc.51.1528291249818; Wed, 06 Jun 2018 06:20:49 -0700 (PDT)

MIME-Version: 1.0

From: Sam Habiel <sam DOT habiel AT gmail DOT com>

Date: Wed, 6 Jun 2018 09:20:49 -0400

Message-ID: <CABHT961S4_s8A=eBJNUKOU3vGMh_D_s_ACUqaFbswsgmMzq7cg@mail.gmail.com>

Subject: Help with sgid into the Administrators group (or alternatives?)

To: cygwin AT cygwin DOT com

X-IsSubscribed: yes

I am continuing to port GT.M to Cygwin
(https://www.fisglobal.com/solutions/banking-and-wealth/services/database-engine).

The database has a suid program that is marked u+s (root suid) on the
file permissions so that it can run as root whenever invoked. One of
the first things it does is cd to another directory that is owned by
root and is not accessible by anybody else.

Cygwin doesn't have the concept of root; so I am trying to implement
this by sgid into the Adminstrators group (544) from a limited user
account (i.e., set-up that way on Windows). The executable, instead of
being suid root, is sgid Adminstrators. The sgid C call apparently
succeeds when I run it from gdb, but the C chdir instruction fails.

I read https://cygwin.com/cygwin-ug-net/ntsec.html; but haven't done
anything it says. After all, the sgid call apparently succeeded.

My question is: am I on the right path; or is Windows and Cygwin being
reasonable in denying my request to chdir when the user is not a
member of the Administrators group, in spite of the executable being
sgid Administrators?

--Sam

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:from:date:message-id:subject:to
	:content-type; q=dns; s=default; b=KNt0wsc35FUOd9EK4BAupWEll8Tls
	ayZmsaeOHvv6VPwxRlz89qmxhsoL+Wzj/VM06EhaPgjM05PBZV8xgfQy6G+s0OYp
	Q5fj0Nb/gZjTcFyoPe2jPpN3R6tfyu9DmwUE/nB1NOd10Iq3w0jyH5e2QwbGotN5
	0M76L/HmuA4Zys=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:from:date:message-id:subject:to
	:content-type; s=default; bh=HquHsn7DNIAyooJS7+yiUvGtstk=; b=QL6
	FieXLLFra8VdhpIrNLng7SQdjBX1r9ZXCZ4dJzy4n4f6i6hMmL9JVyYFO7JWQC3F
	R5lDROw2fk3tUKXNnCxBgkip5XQ9UqOWuQumJuoCsZ7DYOKqmgvne1cWb9ECXqLZ
	W7/QiHXJTN9QCcGAI7+eqBd2eFk3mWV1iieSPpfQ=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Virus-Found:	No
X-Spam-SWARE-Status:	No, score=-2.1 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.2 spammy=UD:M, services
X-HELO:	mail-wr0-f169.google.com
X-Google-DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=AaOkAg0bFzw2KVe5SZahoBiAq5p3lt/5+GwQRbvtkZA=; b=jC16w8PQFRW+4Vjl7Ew+DI6+Dm98yHX3qJ5q8uMcoVHRGsNomXiLM3v5tw/E/+gkYa yFBXDvNx3fI1LWZ5FXa5Alsqg66lfoppQEncgeYFuF7yGJkS4Rc6KUfG4CXBLp3k1bSh gVYtOD+LT9U6pdO7J7dkJR11J/U21pTUqJX9Ruz5xaTU6+lPvCV2dQZY9gLzG7kE+0GT sAfAwWwTK4UCEkLK9aP0p22+aIKhiJkn85VmI5Zj4jCMXFRyGqEnWufik1XkkbdWjU5u OLxQ8d1GFAKo7O+xCbKOZzGdYsKoibZgrn6U3o2n/7cwoUOb5uW82+ZY4MBkMFvV7810 0/vQ==
X-Gm-Message-State:	APt69E2dXlWyDcMiOvGqm7a4Yq3xHNtVFQCVEnSiqKeezJ3n2OtV0hxa Wm4hy64XQfCERXLjgq9QMi2X66yvVu/GO6z0GhtKZBL9
X-Google-Smtp-Source:	ADUXVKJBDWvjbxTJkPGpoYL7B218+stHrqpoGF94ZjTITqUB5IkK8G9jCxA45sDUbtmlwFWnCfA8N7f6bAkagFM7NZE=
X-Received:	by 2002:adf:a686:: with SMTP id t6-v6mr2316830wrc.51.1528291249818; Wed, 06 Jun 2018 06:20:49 -0700 (PDT)
MIME-Version:	1.0
From:	Sam Habiel <sam DOT habiel AT gmail DOT com>
Date:	Wed, 6 Jun 2018 09:20:49 -0400
Message-ID:	<CABHT961S4_s8A=eBJNUKOU3vGMh_D_s_ACUqaFbswsgmMzq7cg@mail.gmail.com>
Subject:	Help with sgid into the Administrators group (or alternatives?)
To:	cygwin AT cygwin DOT com
X-IsSubscribed:	yes