Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Message-ID: <4C37CF2D8DF07E4CA6357BAD5EB9A5D705B05A28@oh0012itsa1.cb.lucent.com>
From: "Snively, John P (John)" <eeyore AT lucent DOT com>
To: "'cygwin AT cygwin DOT com'" <cygwin AT cygwin DOT com>
Subject: RE: 1.3.22: child real uid gets parent's effective uid
Date: Sun, 8 Jun 2003 16:52:31 -0400 
MIME-Version: 1.0
Content-Type: text/plain

Corinna,
Granted there's nothing in Windows corresponding to Unix's distinction
between real and effective uid, but could not cygwin maintain the data as
part of its own process accounting? 

Not doing so might seem justified given what Windows is "really" doing, but
it undermines cygwin's support for porting setuid applications.   (Among
other things, it compromises the security checks Perl builds around setuid
scripts.)  And many Unix applications rely on having both uid's to control
permissions at the application level, maintain an audit trail, ensure that
files are created with the right ownership, etc.
     John

-----Original Message-----
From: Corinna Vinschen [mailto:corinna-cygwin AT cygwin DOT com]
Sent: Saturday, June 07, 2003 5:52 AM
To: 'cygwin AT cygwin DOT com'
Subject: Re: 1.3.22: child real uid gets parent's effective uid


On Fri, Jun 06, 2003 at 04:20:43PM -0400, Snively, John P (John) wrote:
> 
> I changed the effective uid of my app's process using seteuid, and printed
> out the real and effective uid's obtained via getuid and geteuid.  No
> surprises, until I tested running a child process via system() and
printing
> ITS real and effective uid's.  The effective AND real uid of the child are
> set to the effective uid of the parent -- ouch:
> 
> before changing euid:
> child: euid: 25313 ruid: 25313
> parent: euid: 25313 ruid: 25313
> 
> setting euid to 500
> child: euid: 500 ruid: 500
> parent: euid: 500 ruid: 25313
> 
> Any way around this?

Not easily. The difference between real and effective uid is just plain
fake.  Windows doesn't support that difference, there's just one uid
(better: owner SID) attached to a process.  So each new process begins
its life with euid == ruid.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin AT cygwin DOT com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/