Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
Sender: cygwin-owner AT sources DOT redhat DOT com
Message-ID: <3BBE0CBD.C4D760EB@rowman.com>
Date: Fri, 05 Oct 2001 15:40:45 -0400
From: John Peacock <jpeacock AT rowman DOT com>
MIME-Version: 1.0
To: Peter Buckley <peter DOT buckley AT cportcorp DOT com>
CC: cygwin AT cygwin DOT com
Subject: Re: rshd chdirs before it sets uid and gid???
References: <3BBE0260 DOT D1C3D596 AT cportcorp DOT com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Peter Buckley wrote:
> 
> I was looking at the source (rshd.c) and it
> seems backwards in the way it goes about doing
> things. It is trying to chdir to the remote
> user's home directory before it switches user
> context. That doesn't make sense- I thought
> the point of rsh was that *you* were supposed
> to be *you* and not system or root or anyone
> else.

Remember that rshd was written for the *nix world and only _ported_ 
to CygWin.  Remember also that CygWin has only relatively recently
adopted NT security (and it still has to run under W98).

> 
> This is how I understand what it is doing,
> please correct me if I am wrong.
> 
> First, it checks if it is able to chdir to
> the home directory of the remote user-
> 
> if (chdir(pwd->pw_dir) < 0) {
> (void) chdir("/");
> #ifdef __CYGWIN__
> syslog(LOG_INFO|LOG_AUTH,
>     "%s@%s as %s: no home directory. cmd='%.80s'",
>     remuser, hostname, locuser, cmdbuf);
> error("No remote directory.\n");
> exit(1);
> #endif
> }
> 
> Then if CYGWIN is defined, it just exits?????
> Telnet does NOT do this, it just chdirs to "/"
> and allows you to continue.

That is why telnet is not considered to be a secure program (and other
reasons).  Consider if somehow someone managed to log in as an account 
that does not have a home directory on purpose (like most service 
accounts); Since CygWin's security until very recently has been 
Microsoft's (which is to say none at all), someone could wreak havoc 
on a machine, just given that they can log in.

This is a security feature, not a bug, IMHO, and should not be 
changed.  Only after the cd should the setgid/uid be performed (which 
had no real meaning/effect until 'ntsec' was perfected and still has
no meaning under non-NTFS disks).

> 
> I am running into this problem because SYSTEM
> doesn't have rights to my home directory.
> 
> It seems that the following bit of code should
> come BEFORE the chdir stuff, so SYSTEM doesn't need
> to have rights to EVERY user's home directory.

System is an NT artifact; it is supposed to be used for services that
require very little external rights (like to the filesystem) and to
have special internal rights (like act as part of the O/S).  rshd is
still based in the *nix world where services are run as root until 
they drop to user levels (for things like rshd and sshd).

Run rshd as an admin equivalent and everything will work fine.  Better
yet, run sshd and delete rshd entirely.

HTH

John

-- 
John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4720 Boston Way
Lanham, MD 20706
301-459-3366 x.5010
fax 301-429-5747

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/