Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
To: cygwin AT cygwin DOT com
X-Injected-Via-Gmane: yes
Path: not-for-mail
From: Andrew DeFaria <Andrew AT DeFaria DOT com>
Newsgroups: gmane.os.cygwin
Subject: Re: login: no shell: /bin/bash: Permission denied
Date: Wed, 06 Mar 2002 13:56:07 -0800
Organization: Salira Optical Networks
Lines: 73
Message-ID: <3C869077.3090705@DeFaria.com>
References: <m3eliylhc2 DOT fsf AT appel DOT lilypond DOT org> <20020306101433 DOT P13590 AT cygbert DOT vinschen DOT de> <3C866A0B DOT 6040500 AT DeFaria DOT com> <20020306213202 DOT C13590 AT cygbert DOT vinschen DOT de>
NNTP-Posting-Host: 206.184.204.2
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Trace: quimby2.netfonds.no 1015452201 7244 206.184.204.2 (6 Mar 2002 22:03:21 GMT)
X-Complaints-To: usenet AT quimby2 DOT netfonds DOT no
NNTP-Posting-Date: 6 Mar 2002 22:03:21 GMT
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:0.9.4) Gecko/20011019 Netscape6/6.2
X-Accept-Language: en-us

Corinna Vinschen wrote:

> On Wed, Mar 06, 2002 at 11:12:11AM -0800, Andrew DeFaria wrote:
> 
>>You imply that somebody has the ability to change user context! If so 
>>then who is that somebody (USER)?
>>
> 
> I have to tell that each week (day?) again, apparently.  It's SYSTEM.


Sorry, I saw that the very next post. So then is it possible to login(1) 
as SYSTEM then use login(1) to switch user? Probably not because you 
(i.e. not the other user nor SYSTEM) can't use login to switch user to 
SYSTEM.

OK then, seems to me that su might be implementable by using a service 
that runs as SYSTEM and takes requests to switch user from user A to 
user B. Possible?


>>It's my understanding that the only thing(s) that use login are things 
>>like telnet/rlogin/rsh.
>>
>>Frustrated by the lack of su(1M)!
>>
> 
> Did you ever try to understand NT security?  


Only briefly I glanced over it. Honestly I do not wish to be an NT 
security expert.

> Otherwise you would
> know know the cause for this restriction.  It's exceptionally not
> because we're mean!


Did I say you were mean?


> 
>>Oh, BTW, here's a potential security problem:
>>
>>$ rsh hosta id
>>uid=1370(adefaria) gid=513(Domain Users) groups=0(Everyone),512(Domain 
>>Admins),513(Domain 
>>Users),1170(Everybody),1382(ITSupport),1354(Operations),1331(Software)
>>$ rsh hosta -l otheruser id
>>uid=1269(otheruser) gid=513(Domain Users) groups=0(Everyone),513(Domain 
>>Users),1203(Engineering),1170(Everybody),2171(Product Team),1215(Service 
>>Group),1331(Software),1298(TDM Group)
>>
>> How did I rsh as another user and not be prompted for a password?
>>
> 
> Because you have an .rhosts file?  I assume you know how rsh
> works on U*X systems, don't you?


No need to get condesending here Corinna! I know how rsh works! My first 
shot at it had a ~/.rhosts file but just before I posted I said to 
myself that I should verify this is still a problem without a ~/.rhosts 
so I moved it aside and reproduced exactly the same problem.

Regardless, to me it's still would be a large security hole if all one 
needs to do is:

$ echo "+" > ~/.rhosts

to be able to abuse rsh to do something under somebody else's user ID is 
it not?




--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/