Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Date: Wed, 30 Jan 2002 11:26:01 +0100
From: Corinna Vinschen <cygwin AT cygwin DOT com>
To: "Pierre A. Humblet" <Pierre DOT Humblet AT ieee DOT org>
Cc: cygwin <cygwin AT cygwin DOT com>
Subject: Re: security.cc: bug report, question and suggestion
Message-ID: <20020130112601.B11608@cygbert.vinschen.de>
Mail-Followup-To: "Pierre A. Humblet" <Pierre DOT Humblet AT ieee DOT org>,
	cygwin <cygwin AT cygwin DOT com>
References: <3C4EFF65 DOT FF7BA4DE AT ieee DOT org> <3C4EFF65 DOT FF7BA4DE AT ieee DOT org> <3 DOT 0 DOT 5 DOT 32 DOT 20020129213206 DOT 007e2500 AT pop DOT ne DOT mediaone DOT net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3.0.5.32.20020129213206.007e2500@pop.ne.mediaone.net>
User-Agent: Mutt/1.3.22.1i

On Tue, Jan 29, 2002 at 09:32:06PM -0500, Pierre A. Humblet wrote:
> When ntsec is not defined, internal_getlogin matches the
> Windows username with the pw_name's in passwd to find the uid.
> When ntsec is defined, internal_getlogin scans passwd by sid's.
> Cygwin user names can then be different from Windows user names.
> 
> In my case the program was running as a service under cygrunsrv. 
> ntsec was not defined in the environment of the service manager, 
> but only as a -e CYGWIN= argument to cygrunsrv. 
> When cygrunsrv started it didn't find the Windows username in pw_name
> and used the default uid. When the service application started, with
> ntsec, it didn't scan the passwd file because cygrunsrv is a Cygwin 
> process. Thus the username and uid were incorrect under ntsec...
> 
> The same problem happens when a user with a Cygwin username
> different from Windows starts without ntsec.
> 
> I saw 4 possible solutions.
> 1) Mandate ntsec if Cygwin and Windows user names differ.
> Not so good. /etc/passwd is a shared resource and different users
> may have different ntsec preferences. Unexpected situations can 
> occur.

But that's the whole point of having `ntsec' on.  As I described in
the ntsec docs (http://cygwin.com/cygwin-ug-net/ntsec.html) having a
Cygwin username different from the Windows username is explicitely
a property of `ntsec'.  Having a different username is not supported
w/o ntsec.

Besides that, I can't suggest using ntsec for one user but nontsec
for another user.  This results in weird effects for the user who's
not using ntsec.  According to the `ls -l' output she has access to
file "foo" but a `cat foo' returns "Permission denied".  I admit
that that also may happen with ntsec on, due to the complexity of
NT permissions which aren't reflected by the `ls -l' output.  But the
surprises should be few.

> 4) Always scan /etc/passwd for sid (on NT/2000/XP). If no success,
> rescan based on Windows username.
> A little inefficient at startup if ntsec is not enabled, but most 
> flexible [the two searches can also be combined, possible 
> optimization].

I think you're right that we should always look for the SID in
/etc/passwd at that point.  The problem is exactly the startup of
cygrunsrv with no CYGWIN setting in the system environment.  I'm
so used to having the usual "CYGWIN=binmode ntsec tty" in my system
environment that I'd never seen that problem.

> The attached uinfo.diff file implements solution 4.
> It also does not set primary group in the token (useless).

No, it's not useless.  If this process starts non-Cygwin processes
this processes will set the users primary group given in /etc/passwd
as primary group for created files.  That's intended.  I will not
remove that.

However, I have some problems with your patch to uinfo.cc.

- It eliminates the opening brace at line 130 but it eliminates an
  unrelated closing brace at line 193.  The corresponding closing
  brace would be in line 212.  Is that planned - and if so, why -
  or is that just an accident?
- The formatting isn't correct anymore after eliminating the braces.
- I'm missing a ChangeLog entry for that patch.

Could you please resubmit your patch with these changes to the
cygwin-patches mailing list?  And would you mind to send a copyright
assignment form as described on http://cygwin.com/contrib.html?

Thanks for tracking that down.  This could explain some of the
problems people have starting sshd, perhaps.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin AT cygwin DOT com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/