Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Message-ID: <01d501c33598$5b90c020$0200000a@FoxtrotTech0001> From: "Bill C. Riemers" To: Cc: "me" References: <20030617232103 DOT 79106 DOT qmail AT web10102 DOT mail DOT yahoo DOT com> Subject: Re: About the 'su' command Date: Wed, 18 Jun 2003 08:51:24 -0400 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_01D0_01C33576.CC225140" X-Priority: 3 X-MSMail-Priority: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 ------=_NextPart_000_01D0_01C33576.CC225140 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit > The second says the command wont work unless I have appropriate > privileges. > Do you know "someone" on an XP station that has more powers than the > Administrator or an Administrators member ? On most Unix systems, if you create a user with UID 65535 you will find that user is unable to run 'suid' commands including 'su'. This is result of 65535 mapping to -1 as a short, and -1 having special meaning. For awhile there was a trend to make the "nobody" user 65535. But then with the dawn of the web, programmers started wanting to make SUID cgi-bin scripts, while still using "nobody" as the default user for web connections. As such, the practice using 65535 for "nobody" has for the most part been abandoned in the Unix world. However, someone at Microsoft must have thought this was an extremely good idea. And why just have one account which is not allowed to SUID? So instead, Microsoft wrote XP so any account != UID 18 is prohibited from SUID. (OK. I over simplified, you can actually grant other accounts privilege to SUID on XP professional...) At first thought, the idea of restricting SUID to SYSTEM seems to give XP much stronger security than most unix systems. Until, you stop and consider, if only SYSTEM can SUID, and I can't login as SYSTEM, how does anything ever get installed to run under SYSTEM? It turns out SYSTEM is the account used for running services. Anyone with Administrators privilege can add a new service. Consequently, all Administrators can run any program they like as SYSTEM, including of course 'su'. So, you ask, if it is so easy for Administrator to run a process as SYSTEM, why doesn't 'su' use this trick? Quite simple. You can not change an existing process to SYSTEM privileges, nor can you do a direct exec() so you can pass your open file descriptors and environment to the new process. Consequently, you would find that if su used this "trick" your process would be running under a new TTY without access to existing file descriptors. So a command like, 'su root -c "bar.sh" < /tmp/foo' would not work as expected. Now you ask, "Well then, why can ssh do pipes." Very simple, 'ssh' sticks around after starting the child process starts passing data from open file descriptors though sockets. Finally you ask, "If ssh can do that, why doesn't su?" Simple. Why rewrite 'su' to do those types of tricks, when 'ssh' already exists? Bill ------=_NextPart_000_01D0_01C33576.CC225140 Content-Type: application/octet-stream; name="su.dat" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="su.dat" #!/usr/bin/bash=0A= # assign the environment to a=0A= a=3D`env |sed -n -e '/^!::=3D/d' -e 's,$,_EOL_,g' -e 's,'\'',_APOS_,g' = -e 's/$[A-Za-z0-9_][A-Za-z0-9_]*$=3D/'\'';\1=3D'\''/' -e '/./p'`=0A= =0A= rm -f /tmp/env.$$=0A= echo "#!`which bash`" > /tmp/env.$$=0A= chmod 755 /tmp/env.$$=0A= =0A= userarg=3D"Administrator"=0A= =0A= options=3D":lc:fmps:"=0A= repeat=3D1;=0A= while [ $repeat -ne 0 ] ; do=0A= getopts $options arg=0A= if [ $? -ne 0 ] ; then=0A= arg=3D"$1"=0A= OPTIND=3D2=0A= fi=0A= case "x$arg" in =0A= xl | x- | x--login)=0A= loginarg=3D1=0A= if [ -z "$shellarg" ] ; then=0A= shellarg=3D`which bash`=0A= fi=0A= ;;=0A= xc | x--command | x--command)=0A= commandarg=3D"$OPTARG"=0A= ;;=0A= x--command=3D*)=0A= commandarg=3D"${arg##--command=3D}"=0A= ;;=0A= xf | x--fast )=0A= fastarg=3D1=0A= if [ -z "$shellarg" ] ; then=0A= shellarg=3D`which tcsh`=0A= fi=0A= if [ -z "$shellarg" ] ; then=0A= shellarg=3D`which csh`=0A= fi=0A= ;;=0A= xm | xp | x--preserve-environment)=0A= echo $a|sed -e 's,^'\'';,,' -e 's,_EOL_$,'\'',' -e 's,_EOL_ = '\'';,'\'';\=0A= ,g' -e "s,_APOS_,'\\'',g" -e 's,_EOL_ ,\=0A= ,g' >> /tmp/env.$$=0A= env|sed -n -e 's,$[A-Za-z0-9_][A-Za-z0-9_]*$=3D.*,export \1;,p' = >> /tmp/env.$$=0A= preservearg=3D1=0A= ;;=0A= xs )=0A= shellarg=3D"$OPTARG"=0A= ;;=0A= x--shell)=0A= shellarg=3D"$OPTARG"=0A= OPTIND=3D3=0A= ;;=0A= x--shell=3D*)=0A= shellarg=3D"${arg##--shell=3D}"=0A= ;;=0A= *)=0A= repeat=3D0=0A= OPTIND=3D1=0A= ;;=0A= esac=0A= while [ $OPTIND -gt 1 ] ; do=0A= shift=0A= OPTIND=3D`expr $OPTIND - 1`=0A= done=0A= done=0A= if [ -n "$1" ] ; then=0A= userarg=3D"$1"=0A= shift=0A= fi=0A= if [ -z "$shellarg" ] ; then=0A= shellarg=3D`which bash`=0A= fi=0A= if [ -n "$commandarg" ] ; then=0A= echo "exec \"$shellarg\" $fastarg $loginarg -c \"$commandarg\"" = >>/tmp/env.$$=0A= elif [ -n "$*" ] ; then=0A= echo "exec \"$shellarg\" $fastarg $loginarg -c \"$@\"" >>/tmp/env.$$=0A= else=0A= echo "exec \"$shellarg\" $fastarg $loginarg -i -s" >>/tmp/env.$$=0A= fi=0A= echo "cd '`pwd`'">>/tmp/env.$$=0A= trap "rm -f /tmp/env.$$" EXIT=0A= ssh -t -l "$userarg" localhost /tmp/env.$$=0A= exit $?=0A= =0A= ------=_NextPart_000_01D0_01C33576.CC225140 Content-Type: text/plain; charset=us-ascii -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ ------=_NextPart_000_01D0_01C33576.CC225140--