X-Spam-Check-By: sourceware.org
Date: Mon, 9 Jan 2006 09:30:50 -0500 (EST)
From: Igor Peshansky <pechtcha AT cs DOT nyu DOT edu>
Reply-To: cygwin AT cygwin DOT com
To: Eric Blake <ebb9 AT byu DOT net>
cc: cygwin AT cygwin DOT com
Subject: Re: 'su' no longer working?
In-Reply-To: <43C27274.2090402@byu.net>
Message-ID: <Pine.GSO.4.63.0601090928570.20978@slinky.cs.nyu.edu>
References: <Pine DOT GSO DOT 4 DOT 63 DOT 0601051732360 DOT 5388 AT slinky DOT cs DOT nyu DOT edu>  <43BDF429 DOT 5050206 AT byu DOT net> <Pine DOT GSO DOT 4 DOT 63 DOT 0601052353210 DOT 9477 AT slinky DOT cs DOT nyu DOT edu>  <20060109125839 DOT GD32312 AT calimero DOT vinschen DOT de> <Pine DOT GSO DOT 4 DOT 63 DOT 0601090803110 DOT 20978 AT slinky DOT cs DOT nyu DOT edu>  <43C27274 DOT 2090402 AT byu DOT net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
Content-ID: <Pine DOT GSO DOT 4 DOT 63 DOT 0601090928572 DOT 20978 AT slinky DOT cs DOT nyu DOT edu>
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

On Mon, 9 Jan 2006, Eric Blake wrote:

> According to Igor Peshansky on 1/9/2006 6:04 AM:
> >
> > Right, that's pretty much what I was asking for above.  Eric, if it
> > helps, I can look into submitting the patch later this week, though I
> > haven't looked at the coreutils code in a while, so it might take some
> > time to understand the specifics.
>
> I've already been playing some with a cygwin-specific patch.  Using the
> tips at http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-setuid, I have
> already gotten a working implementation that will switch user context on
> NT machines with a password.  But I still want to get passwordless
> switching working where possible.  The patch should apply to src/su.c
> provided in the 5.93-2 source tarball from setup.exe, as a starting
> point for your hacking.

Ok, thanks, I'll play around with it...

> Speaking of which, I noticed that in my attached patch (work in
> progress), I got a failure return for PrivilegeCheck on my NT machine
> when run as SYSTEM, even though my understanding is that on NT, SYSTEM
> has the privileges of passwordless context switching.  Any ideas what I
> might need to fix to make this check more robust, short of just trying a
> setuid() to see if it will succeed without first doing the
> cygwin_logon_user()/cygwin_set_impersonation_token() check?

Heh, what's wrong with doing that?  If setuid() fails, try it with a
password -- I can't think of any caveats, frankly...  Corinna?
	Igor
-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_	    pechtcha AT cs DOT nyu DOT edu | igor AT watson DOT ibm DOT com
ZZZzz /,`.-'`'    -.  ;-;;,_		Igor Peshansky, Ph.D. (name changed!)
     |,4-  ) )-,_. ,\ (  `'-'		old name: Igor Pechtchanski
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"Las! je suis sot... -Mais non, tu ne l'es pas, puisque tu t'en rends compte."
"But no -- you are no fool; you call yourself a fool, there's proof enough in
that!" -- Rostand, "Cyrano de Bergerac"


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/