Date: Tue, 23 Mar 2004 12:11:38 -0500 (EST)
From: Igor Pechtchanski
Reply-To: cygwin AT cygwin DOT com
To: Richard Troy
cc: cygwin AT cygwin DOT com
Subject: Re: suid bit on executables?

On Tue, 23 Mar 2004, Richard Troy wrote:

> On Tue, 23 Mar 2004, Corinna Vinschen wrote:
>
> > On Mar 22 19:49, Richard Troy wrote:
> > > A little over a year ago, I poked my nose under the tent to inquire about
> > > this once more and in the interim there had been a new cygserver and a
> > > new ssh daemon, and I was very happy with the advance, but still things
> > > were short of the SUID bit being honored...
> > >
> > > Now, I read in the archives about something, apparently upcoming, called
> > > cygdaemon... I read hints that cygdaemon helps address this problem.
> >
> > There's no such thing as a cygdaemon, only cygserver. If the SUID stuff
> > gets implemented, it will be based on cygserver. But there's no code
> > for doing this so far. Security changes in 2K3 are making an implementation
> > even more complex.
> >
> > Corinna
>
> Thank you, Corinna.
>
> ...might you please propose a work-around for the following scenario?
>
> If I wanted just one particular program to run as this other user, there's
> that nifty tool in Cygwin that lets you define a service that _can_ run as
> another user. This would work for me if I had a way for a Cygwin program,
> launched from a command-line interface, from Bash, say, to attach to it
> and let it do the dirty work. It would need a way to pass command-line
> arguments, and redirect or share std-in, std-out, and std-error. ...I know
> there's the SSHD code that could serve as an example, but it seems to me
> that it's overkill for what I want since there's no need for it to
> credential itself as anyone. ...The simpler, the better, so long as it's
> sufficient!
>
> Thank you for your suggestions/ideas,
> Richard

Richard,

FYI, Cygwin implements /dev/conin and /dev/conout, so, perhaps, the
approach suggested in would be helpful (or something along those lines).
OTOH, once cygserver is in place, we'll have a working "su" (which is
exactly what you want, right?).
	Igor
--
http://cs.nyu.edu/~pechtcha/
pechtcha AT cs DOT nyu DOT edu
igor AT watson DOT ibm DOT com
Igor Pechtchanski, Ph.D.
a.k.a JaguaR-R-R-r-r-r-.-.-. Meow!

"I have since come to realize that being between your mentor and his route
to the bathroom is a major career booster." -- Patrick Naughton
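
The work-around asked about in this message (a service running as the other user that a command-line client attaches to, passing arguments and stdin/stdout/stderr), as an added example; it is not code from the thread or from Cygwin. The allowlist entry, the length-prefixed JSON framing and all function names are assumptions, and a socket pair stands in for the service's listening socket.

```python
import json, socket, struct, subprocess, sys

# Constructed allowlist: request name -> fixed argv prefix the service may run.
# The demo entry upper-cases stdin and echoes its arguments on stderr.
ALLOWED = {"demo": [sys.executable, "-c",
    "import sys; sys.stdout.write(sys.stdin.read().upper());"
    "sys.stderr.write('|'.join(sys.argv[1:]))"]}
MAX_MSG = 1 << 20  # refuse oversized frames before reading them

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-message")
        buf += chunk
    return buf

def send_msg(sock, obj):
    data = json.dumps(obj).encode()
    sock.sendall(struct.pack("!I", len(data)) + data)  # 4-byte length prefix

def recv_msg(sock):
    (n,) = struct.unpack("!I", _recv_exact(sock, 4))
    if n > MAX_MSG:
        raise ValueError("frame too large")
    return json.loads(_recv_exact(sock, n))

def handle(sock):
    """Service side (runs as the other user): validate, run without a shell, reply."""
    req = recv_msg(sock)
    cmd, args = (req.get("cmd"), req.get("args", [])) if isinstance(req, dict) else (None, None)
    ok = (isinstance(cmd, str) and cmd in ALLOWED and isinstance(args, list)
          and all(isinstance(a, str) and "\0" not in a for a in args))
    if not ok:  # the caller never chooses the program, only its arguments
        return send_msg(sock, {"rc": 126, "stdout": "", "stderr": "refused\n"})
    p = subprocess.run(ALLOWED[cmd] + args, input=str(req.get("stdin", "")),
                       capture_output=True, text=True, timeout=30)
    send_msg(sock, {"rc": p.returncode, "stdout": p.stdout, "stderr": p.stderr})

def call(sock, cmd, args, stdin=""):
    """Client side (the user at the shell): send the request, read the result."""
    send_msg(sock, {"cmd": cmd, "args": args, "stdin": stdin})
    return recv_msg(sock)

if __name__ == "__main__":
    import threading
    client, service = socket.socketpair()  # stands in for the listening socket
    threading.Thread(target=handle, args=(service,)).start()
    print(call(client, "demo", ["--name", "a; b"], stdin="hello"))
```

Because the service runs with the other user's rights, who may connect to it has to be restricted separately (for example through the permissions on its socket); the example leaves that out.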