Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Message-Id: <3.0.5.32.20020129213206.007e2500@pop.ne.mediaone.net>
X-Sender: phumblet AT pop DOT ne DOT mediaone DOT net (Unverified)
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32)
Date: Tue, 29 Jan 2002 21:32:06 -0500
To: Corinna Vinschen <cygwin AT cygwin DOT com>
From: "Pierre A. Humblet" <Pierre DOT Humblet AT ieee DOT org>
Subject: Re: security.cc: bug report, question and suggestion
In-Reply-To: <20020123194126.H11608@cygbert.vinschen.de>
References: <3C4EFF65 DOT FF7BA4DE AT ieee DOT org>
 <3C4EFF65 DOT FF7BA4DE AT ieee DOT org>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=====================_1012375926==_"

--=====================_1012375926==_
Content-Type: text/plain; charset="us-ascii"

At 07:41 PM 1/23/02 +0100, Corinna Vinschen wrote:
>On Wed, Jan 23, 2002 at 01:22:29PM -0500, Pierre A. Humblet wrote:
>> OK, but can you give suggestions about how to debug processes 
>> started under cygrunsrv? I tried to have cygrunsrv start a shell
>> and put strace in the shell script. However the problem does not 
>> occur with this setup, only when the program is started directly.
>> Is there a way to produce Cygwin internal debug output without strace?
>
>Have a look into `how-to-debug-cygwin.txt' in the cygwin source
>directory.  You can use the CYGWIN_SLEEP technique, for instance.

Corinna,

Sorry for the delay, I have been sidetracked. Here is an 
explanation and a fix for the problem of incorrect uid
when the Cygwin and Windows usernames differ.
 
The passwd file is only scanned when starting a process from Windows,
or following seteuid().
When ntsec is not defined, internal_getlogin matches the
Windows username with the pw_name's in passwd to find the uid.
When ntsec is defined, internal_getlogin scans passwd by sid's.
Cygwin user names can then be different from Windows user names.

In my case the program was running as a service under cygrunsrv. 
ntsec was not defined in the environment of the service manager, 
but only as a -e CYGWIN= argument to cygrunsrv. 
When cygrunsrv started it didn't find the Windows username in pw_name
and used the default uid. When the service application started, with
ntsec, it didn't scan the passwd file because cygrunsrv is a Cygwin 
process. Thus the username and uid were incorrect under ntsec...

The same problem happens when a user with a Cygwin username
different from Windows starts without ntsec.

I saw 4 possible solutions.
1) Mandate ntsec if Cygwin and Windows user names differ.
Not so good. /etc/passwd is a shared resource and different users
may have different ntsec preferences. Unexpected situations can 
occur.

2) Have the parent process notice that CYGWIN was changed and
force the child to rescan /etc/passwd
Complicated.

3) Rescan /etc/passwd if ntsec is defined and the uid is the 
default (= administrator).
OK, but users running as administrator will be slowed down.

4) Always scan /etc/passwd for sid (on NT/2000/XP). If no success,
rescan based on Windows username.
A little inefficient at startup if ntsec is not enabled, but most 
flexible [the two searches can also be combined, possible 
optimization].

The attached uinfo.diff file implements solution 4.
It also does not set primary group in the token (useless).

I have also been burned by missing details in how-to-debug-cygwin.txt
and attach another diff file to improve it.

Pierre

--=====================_1012375926==_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment; filename="uinfo.diff"

--- uinfo.cc.in	Mon Nov  5 01:09:10 2001
+++ uinfo.cc	Mon Jan 28 20:24:54 2002
@@ -127,13 +127,12 @@
 	    NetApiBufferFree (ui);
 	}
 
-      if (allow_ntsec)
-	{
+
 	  HANDLE ptok =3D user.token; /* Which is INVALID_HANDLE_VALUE if no
 				       impersonation took place. */
 	  DWORD siz;
 	  cygsid tu;
-	  int ret =3D 0;
+	  ret =3D 0;
 
 	  /* Try to get the SID either from already impersonated token
 	     or from current process first. To differ that two cases is
@@ -190,19 +189,13 @@
 		  else
 		    unsetenv ("USERPROFILE");
 		}
-	    }
 
 	  /* If this process is started from a non Cygwin process,
-	     set token owner to the same value as token user and
-	     primary group to the group which is set as primary group
-	     in /etc/passwd. */
+	     set token owner to the same value as token user */
 	  if (ptok !=3D INVALID_HANDLE_VALUE && myself->ppid =3D=3D 1)
 	    {
 	      if (!SetTokenInformation (ptok, TokenOwner, &tu, sizeof tu))
 		debug_printf ("SetTokenInformation(TokenOwner): %E");
-	      if (gsid && !SetTokenInformation (ptok,=
 TokenPrimaryGroup,
-						&gsid, sizeof gsid))
-		debug_printf ("SetTokenInformation(TokenPrimaryGroup): %E");
 	    }
 
 	  /* Close token only if it's a result from OpenProcessToken(). */
@@ -256,9 +249,9 @@
     if ((p =3D internal_getlogin (cygheap->user)) !=3D NULL)
       {
 	myself->uid =3D p->pw_uid;
-	/* Set primary group only if ntsec is off or the process has been
+	/* Set primary group only if the process has been
 	   started from a non cygwin process. */
-	if (!allow_ntsec || myself->ppid =3D=3D 1)
+	if ( myself->ppid =3D=3D 1)
 	  myself->gid =3D p->pw_gid;
       }
     else

--=====================_1012375926==_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment; filename="how-to-debug-cygwin.diff"

--- how-to-debug-cygwin.txt.in	Tue Jan 29 20:08:10 2002
+++ how-to-debug-cygwin.txt	Tue Jan 29 20:17:50 2002
@@ -11,7 +11,9 @@
 
 1. The first thing you'll need to do is to build cygwin1.dll and your=
 crashed
 application from sources. To debug them you'll need debug information,=
 which
-is normally stripped from executables.
+is normally stripped from executables. You should also define the DEBUGGING=
 
+macro to enable some debug features. Debug from a console window (and=
 not
+from windows such as rxvt), as some debugging messages go to the console.
 
 2. Create known-working cygwin debugging environment.
 - create a separate directory, say, c:\cygdeb, and put known-working
@@ -41,6 +43,8 @@
   such situation: -b enables buffering of output and reduces additional
   timeouts introduced by strace, and -m option allows you to mask certain
   classes of *_printf() functions, reducing timeouts even more.
+  Programs started by strace are started as if directly from Windows, and
+  not as if from a Cygwin shell or program.
 
 5. Problems at early startup.
   Sometimes, something crashes at the very early stages of application


--=====================_1012375926==_
Content-Type: text/plain; charset=us-ascii

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/
--=====================_1012375926==_--