Mail Archives: cygwin/2023/01/19/15:39:47

Date: Thu, 19 Jan 2023 21:38:49 +0100
To: cygwin AT cygwin DOT com
Subject: Re: Feature request: sudo
Message-ID: <Y8mqWfPrLYwA+MZi@calimero.vinschen.de>
From: Corinna Vinschen via Cygwin <cygwin AT cygwin DOT com>
Cc: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>

On Jan 19 20:17, Jochen Wiedmann via Cygwin wrote:
> Hi,
> 
> as someone who is quite used to typing
> 
>   sudo do something
> 
> I would really like to do the same in my CygWin bash. In my opinion,
> this could be implemented relatively simply, and straightforward as
> follows:
> 
>   - Accept an array of strings with the command, that is being
>     executed with administrator privileges.
>   - Use the standard Windows API to execute some functionality with
>     admin privileges. In the current case, that functionality would
>     be a simple exec with the above command line.

Assuming you already are running an administrative account and you just
want to elevate a process, rather than actually switching the user
context to, say, "Administrator".

- The underlying Win32 system calls implementing fork/execve, i.e.
  CreateProcess and CreateProcessAsUser, don't allow starting an
  elevated process from a non-elevated process, unless you already have
  access to your elevated token.  While you can actually access that
  token, this token is not suitable for CreateProcessAsUser, unless you
  access it with TCB privileges... which only an already elevated
  process has.
  
- Windows doesn't provide SUID/SGID bits.  They are just faked in Cygwin
  using some bits in a NULL SID.  Thus, a sudo tool with SUID bit set is
  not workable on Windows, unless you control running an executable from
  an already privileged process which creates the user token.  This
  could be done by cygserver, but nobody implemented that yet.
  https://cygwin.com/acronyms/#SHTDI

Having said that, you can kind of do it yourself:

- Install and run Cygwin's sshd as a service.
- Create a public key pair.
- alias sudo='ssh localhost'


Corinna

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple
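
An added example, not part of the message above: with the plain alias, ssh joins the command's arguments with spaces and hands the result to the login shell on the other side, and the session starts in the home directory, so quoting and the current directory are lost. The function names `sq_quote`, `build_remote_cmd` and `sudo_ssh` are hypothetical, and the sketch assumes sshd on localhost already accepts key-based logins as set up in the steps above.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes sshd on localhost
# accepts key-based logins for the current user (see the steps above).

# Quote one string for a POSIX shell: wrap it in single quotes and
# rewrite every embedded ' as '\'' so the remote shell sees it verbatim.
sq_quote() {
    _sq_s=$1 _sq_out=
    while :; do
        case $_sq_s in
            *\'*) _sq_out="$_sq_out${_sq_s%%\'*}'\\''"
                  _sq_s=${_sq_s#*\'} ;;
            *)    _sq_out="$_sq_out$_sq_s"; break ;;
        esac
    done
    printf "'%s'" "$_sq_out"
}

# Build the single command string ssh passes to the remote shell:
# change to the caller's directory, then run the command with every
# argument quoted so spaces, quotes, globs and $VARS arrive unchanged.
build_remote_cmd() {
    _cmd="cd $(sq_quote "$PWD") &&"
    for _arg in "$@"; do
        _cmd="$_cmd $(sq_quote "$_arg")"
    done
    printf '%s\n' "$_cmd"
}

# Hypothetical replacement for: alias sudo='ssh localhost'
sudo_ssh() {
    if [ "$#" -eq 0 ]; then
        echo "usage: sudo_ssh command [args...]" >&2
        return 2
    fi
    ssh localhost "$(build_remote_cmd "$@")"
}
```
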
