Mail Archives: cygwin/2018/06/08/09:35:05

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2018/06/08/09:35:05

X-Recipient: archive-cygwin AT delorie DOT com

DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:mime-version:in-reply-to:references:from:date

:message-id:subject:to:content-type; q=dns; s=default; b=FwcU+4g

IeYYQNR0ge+u0F5WkI5n9XXBkCeGERHXF+k55GOJb7O4eQJwLxZRga5PWwU0Y0pu

hCnJmPtfYp5d6n6870XD9nliBF56K5W6/a9qosQAX2VPhlOn5K+NyBrAWn4Gqgq6

1k2uVZZlsDv3Ej8UUNcpm1rckqIi5Cu6kqfo=

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:mime-version:in-reply-to:references:from:date

:message-id:subject:to:content-type; s=default; bh=1WClfjHar+Ktc

CEhvwNa70qgH6E=; b=ZlkcqrGkfD8WyIg4tAo4B/cLdyljq21phw3mp7lQIeLrM

8du6al2WfQp4ayk+wc2k4fiFDBxgwB4V60eamWDS02CKIS9+DyXNExwS/GaLE1j6

jxcYFT51S+7ZET1Vmdr2Btk2DWV9t3A9MVlR6Q/oDadh51g3/353523WkEi/V8=

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Authentication-Results: sourceware.org; auth=none

X-Virus-Found: No

X-Spam-SWARE-Status: No, score=-2.0 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.2 spammy=HX-Received:sk:n11-v6m, authentication, services

X-HELO: mail-wr0-f196.google.com

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=t+1dPmV9QxBIzGnY4+xJlkjNbi+8GWYrxVMpEHo698c=; b=QxExNNP+5+BFxNaPBRv3xQfRlyn7zCR6O9dyNJD24oyR98sJ49aqo3Y3aIiUkIaXN5 yJFkotifTDLSC57nDmey8FfN451WSsv6buMpR9t6iwhGT4jwD26h/eF9vw8jv908ra1L aAVQzqnFPR3hhZeAlen0KGMGwHughh6CeEo+s1QvECLe+WQB1AvYkWWlABTfZ0C1rnWj ECcNXfWvczW/eyuRtSR1O5WpW+o/JZMUGXBfh0WmMslyykLzI/TEqXHM1tVOs5lwHaHm iOymKNu4yWCAXJR+6xMVrCsuJjenWxo7q0dvpu/APWenXhhiRR/hAUemmp+Kc1aBx62q L2QA==

X-Gm-Message-State: APt69E0zqNt5ol2ux5/b2F0mjcyZCr88kKc7hSf3lvoCR3hJW2472aSj JHitViQxXVaV5dWnbmSBXcFz/qtio4gxcLMXtmILbz54

X-Google-Smtp-Source: ADUXVKK2oi3ZPwzqgCagJ9+shLgtkZC6LjQfT/A/XosQ6ggR8DIOE1gQBvv8Xjr2ezHyUc+2UhvTNTyotbKm+mzdoQ0=

X-Received: by 2002:adf:e78b:: with SMTP id n11-v6mr5121778wrm.136.1528464891689; Fri, 08 Jun 2018 06:34:51 -0700 (PDT)

MIME-Version: 1.0

In-Reply-To: <CABHT961S4_s8A=eBJNUKOU3vGMh_D_s_ACUqaFbswsgmMzq7cg@mail.gmail.com>

References: <CABHT961S4_s8A=eBJNUKOU3vGMh_D_s_ACUqaFbswsgmMzq7cg AT mail DOT gmail DOT com>

From: Sam Habiel <sam DOT habiel AT gmail DOT com>

Date: Fri, 8 Jun 2018 09:34:51 -0400

Message-ID: <CABHT963fN-ATo=4gjop3rMtZ5U53=JX_t1BOyUnM0WQtB+87fA@mail.gmail.com>

Subject: Re: Help with sgid into the Administrators group (or alternatives?)

To: cygwin AT cygwin DOT com

X-IsSubscribed: yes

I installed the LSA authentication package; but no difference in
behavior was found.

--Sam

On Wed, Jun 6, 2018 at 9:20 AM, Sam Habiel <sam DOT habiel AT gmail DOT com> wrote:
> I am continuing to port GT.M to Cygwin
> (https://www.fisglobal.com/solutions/banking-and-wealth/services/database-engine).
>
> The database has a suid program that is marked u+s (root suid) on the
> file permissions so that it can run as root whenever invoked. One of
> the first things it does is cd to another directory that is owned by
> root and is not accessible by anybody else.
>
> Cygwin doesn't have the concept of root; so I am trying to implement
> this by sgid into the Adminstrators group (544) from a limited user
> account (i.e., set-up that way on Windows). The executable, instead of
> being suid root, is sgid Adminstrators. The sgid C call apparently
> succeeds when I run it from gdb, but the C chdir instruction fails.
>
> I read https://cygwin.com/cygwin-ug-net/ntsec.html; but haven't done
> anything it says. After all, the sgid call apparently succeeded.
>
> My question is: am I on the right path; or is Windows and Cygwin being
> reasonable in denying my request to chdir when the user is not a
> member of the Administrators group, in spite of the executable being
> sgid Administrators?
>
> --Sam

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:in-reply-to:references:from:date
	:message-id:subject:to:content-type; q=dns; s=default; b=FwcU+4g
	IeYYQNR0ge+u0F5WkI5n9XXBkCeGERHXF+k55GOJb7O4eQJwLxZRga5PWwU0Y0pu
	hCnJmPtfYp5d6n6870XD9nliBF56K5W6/a9qosQAX2VPhlOn5K+NyBrAWn4Gqgq6
	1k2uVZZlsDv3Ej8UUNcpm1rckqIi5Cu6kqfo=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:in-reply-to:references:from:date
	:message-id:subject:to:content-type; s=default; bh=1WClfjHar+Ktc
	CEhvwNa70qgH6E=; b=ZlkcqrGkfD8WyIg4tAo4B/cLdyljq21phw3mp7lQIeLrM
	8du6al2WfQp4ayk+wc2k4fiFDBxgwB4V60eamWDS02CKIS9+DyXNExwS/GaLE1j6
	jxcYFT51S+7ZET1Vmdr2Btk2DWV9t3A9MVlR6Q/oDadh51g3/353523WkEi/V8=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Virus-Found:	No
X-Spam-SWARE-Status:	No, score=-2.0 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.2 spammy=HX-Received:sk:n11-v6m, authentication, services
X-HELO:	mail-wr0-f196.google.com
X-Google-DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=t+1dPmV9QxBIzGnY4+xJlkjNbi+8GWYrxVMpEHo698c=; b=QxExNNP+5+BFxNaPBRv3xQfRlyn7zCR6O9dyNJD24oyR98sJ49aqo3Y3aIiUkIaXN5 yJFkotifTDLSC57nDmey8FfN451WSsv6buMpR9t6iwhGT4jwD26h/eF9vw8jv908ra1L aAVQzqnFPR3hhZeAlen0KGMGwHughh6CeEo+s1QvECLe+WQB1AvYkWWlABTfZ0C1rnWj ECcNXfWvczW/eyuRtSR1O5WpW+o/JZMUGXBfh0WmMslyykLzI/TEqXHM1tVOs5lwHaHm iOymKNu4yWCAXJR+6xMVrCsuJjenWxo7q0dvpu/APWenXhhiRR/hAUemmp+Kc1aBx62q L2QA==
X-Gm-Message-State:	APt69E0zqNt5ol2ux5/b2F0mjcyZCr88kKc7hSf3lvoCR3hJW2472aSj JHitViQxXVaV5dWnbmSBXcFz/qtio4gxcLMXtmILbz54
X-Google-Smtp-Source:	ADUXVKK2oi3ZPwzqgCagJ9+shLgtkZC6LjQfT/A/XosQ6ggR8DIOE1gQBvv8Xjr2ezHyUc+2UhvTNTyotbKm+mzdoQ0=
X-Received:	by 2002:adf:e78b:: with SMTP id n11-v6mr5121778wrm.136.1528464891689; Fri, 08 Jun 2018 06:34:51 -0700 (PDT)
MIME-Version:	1.0
In-Reply-To:	<CABHT961S4_s8A=eBJNUKOU3vGMh_D_s_ACUqaFbswsgmMzq7cg@mail.gmail.com>
References:	<CABHT961S4_s8A=eBJNUKOU3vGMh_D_s_ACUqaFbswsgmMzq7cg AT mail DOT gmail DOT com>
From:	Sam Habiel <sam DOT habiel AT gmail DOT com>
Date:	Fri, 8 Jun 2018 09:34:51 -0400
Message-ID:	<CABHT963fN-ATo=4gjop3rMtZ5U53=JX_t1BOyUnM0WQtB+87fA@mail.gmail.com>
Subject:	Re: Help with sgid into the Administrators group (or alternatives?)
To:	cygwin AT cygwin DOT com
X-IsSubscribed:	yes