Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
X-Authentication-Warning: denzel.sciencetools.com: rtroy owned process doing -bs
Date: Tue, 23 Mar 2004 12:48:12 -0800 (PST)
From: Richard Troy <rtroy AT ScienceTools DOT com>
To: <cygwin AT cygwin DOT com>
Subject: Re: sshd as a substitute for the suid bit on executables...
In-Reply-To: <20040323162810.GV17229@cygbert.vinschen.de>
Message-ID: <Pine.LNX.4.33.0403231232090.1808-100000@denzel.sciencetools.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-IsSubscribed: yes



On Tue, 23 Mar 2004, Corinna Vinschen wrote:

> On Mar 23 08:22, Richard Troy wrote:
> > One additional challenge that has just occurred to me in my particular
> > scenario is that in ordinary useage on Unix, my program that runs under
> > the suid bit eventually launches a Java program that creates display
> > windows and attaches to the keyboard/mouse in the usual way and the user
> > never knows it's running as the file owner and not them. Before I go
>
> Google is your friend.  Search for "Allow service to interact with desktop".

Corinna,

your solution looks to be the only thing that can be done today without
writing code - or, at least, nothing significant: I've tested the solution
and it works fine, though you do have to tollerate this stupid, empty sshd
popup window. If you close the window, sshd exits, though you can reset
the window properties to make it tiny and it will remember them if you ask
it to - on W2kPro, at least. You have to create a spare "dummy account"
you won't ever log into and have a "transferr" program available (or
modify your target) in order to catch the command line sent to it by
sshd/bash (it'll get -c <full command line>)

For those that may search the archives behind me and want a full
articulation, in a few minutes I'll make a post that outlines the whole
thing, top to bottom.

Thanks Corinna!  (And Igor!)

Richard

-- 
Richard Troy, Chief Scientist
Science Tools Corporation
rtroy AT ScienceTools DOT com, 510-567-9957, http://ScienceTools.com/


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/