Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
X-Authentication-Warning: denzel.sciencetools.com: rtroy owned process doing -bs
Date: Tue, 23 Mar 2004 10:10:31 -0800 (PST)
From: Richard Troy <rtroy AT ScienceTools DOT com>
To: <cygwin AT cygwin DOT com>
Subject: Re: suid bit on executables?
In-Reply-To: <Pine.GSO.4.56.0403231209180.19995@slinky.cs.nyu.edu>
Message-ID: <Pine.LNX.4.33.0403230955470.1808-100000@denzel.sciencetools.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-IsSubscribed: yes



On Tue, 23 Mar 2004, Igor Pechtchanski wrote:

> FYI, Cygwin implements /dev/conin and /dev/conout, so, perhaps, the
> approach suggested in <http://cygwin.com/ml/cygwin/2004-03/msg00259.html>
> would be helpful (or something along those lines).

Thanks, Igor, I'll look into that in a minute...

> OTOH, once cygserver is in place, we'll have a working "su" (which is
> exactly what you want, right?).
> 	Igor

No, what I need is _very_ different. The requirement is for a program that
runs as a different user without that user having any special privileges
themselves and without the ability to log in, or run other programs as
that other user. On Unix (and Unix clones), there's a concept of the "suid
bit" which is set in the file system and associated with executable
programs (and on many implementations, executable shell scripts too). When
any user, including root, executes a program with the suid bit set, the
program runs just like any other program except that it runs in the user
context of the file's owner, NOT as the user who called the program. In
contrast, su requires that the caller have the password of the account in
question...

That said, a "working su" program _should_ be able to be used as the
foundation of an implementation of an exec call where the suid bit is set.
Corinna hinted that W2003 makes things harder and I haven't any idea why,
but it figures that Windows would try very hard to ensure that nothing
else is compatible with Windows. -frown-

Regards,
Richard

-- 
Richard Troy, Chief Scientist
Science Tools Corporation
rtroy AT ScienceTools DOT com, 510-567-9957, http://ScienceTools.com/


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/