X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:reply-to:message-id:to:subject
	:in-reply-to:references:mime-version:content-type
	:content-transfer-encoding; q=dns; s=default; b=YmBd0GW17B/URoVP
	HwaAJxKuRpE44oCWPWvqUFFiXBnIoRxe1UTYkztNdajhW+6ndOzW9gCHZNISZLFX
	Mb9JvBYQAGIcY4TOJwvcjRPjAzzhlDCBWbdbooJ5DJJvcKCChqs99HCM/8sf3MYX
	7KgWzoFy9U8O0DmnfJPbFIklxks=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:reply-to:message-id:to:subject
	:in-reply-to:references:mime-version:content-type
	:content-transfer-encoding; s=default; bh=9uCsADCRFas/b/yXUZl8sO
	wRZi8=; b=cEPR296CHn6umZmQO1IqfV9BIqtvfz9R08KmTRkAyi1rcohRbTTTHu
	TFi2PbJN+FLGvbbukbyix1d2uyW/Zy4pilpvSZzB//h5c31DzwyGn9f2wogRyI8S
	uRE56MloWr47BRcu5nON4osMXof43QzOXPFE3/XBOsYlwmQ4J5xjc=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=3.4 required=5.0 tests=BAYES_50,FREEMAIL_FROM,KAM_THEBAT,SPF_SOFTFAIL autolearn=no version=3.3.2
X-HELO: smtpback.ht-systems.ru
Date: Wed, 23 Jul 2014 20:08:07 +0400
From: Andrey Repin <anrdaemon AT yandex DOT ru>
Reply-To: cygwin AT cygwin DOT com
Message-ID: <1273556697.20140723200807@yandex.ru>
To: "D. Boland" <daniel AT boland DOT nl>, cygwin AT cygwin DOT com
Subject: Re: The eternal uid issue
In-Reply-To: <53CF9E0F.F596FC60@boland.nl>
References: <53CF6CEC DOT 6D68E485 AT boland DOT nl> <20140723091409 DOT GH27005 AT calimero DOT vinschen DOT de> <53CF9E0F DOT F596FC60 AT boland DOT nl>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes

Greetings, D. Boland!

> Hi Corinna,

> Corinna Vinschen wrote:
>> 
>> > Isn't it about time to make this our First Directive also?
>> 
>> Not in relation to the uid.  In contrast to Linux we don't have the one
>> single root user.  We have potentially endless numbers of them, and one
>> of them, not necessarily SYSTEM, is used to run the service.  Keep in
>> mind that there may also be company policy in place which disallows
>> installing services under specific accounts unless absolutely necessary.
>> 
>> Therefore, while we mostly strive to make Cygwin accommodate user
>> space, we're not able to do it related to the root uid.
>> 

> Thanks for your lengthly and detailed answer. I appreciate that. But don't you think
> upstream maintainers will raise at least one eyebrow if we propose code that makes
> any user who starts the program the root/admin user?

You obviously did not understand Corinna's reply.
And removed the part of reply that directly answer all your questions.

> You suggest only those who are in the admin group. But that will soon be any service
> that starts up.

That's essentially the same as starting services as root on *NIX system.
I fail to see the difference.

> It actually is my solution to running Sendmail: create the Sendmail user, called
> 'smmsp' and make it an Administrator, so it can impersonate users on my system.
> But I don't like my solution, because this would mean I have to create an admin-user
> for any Linux service that I install. So now my Cygwin setup would be crowded with
> highly privileged daemons, listening, waiting to get hacked.

Windows privilege model allow you to alleviate such concerns.

> The more elegant solution would be to create only one secondary privileged user,
> let's call it 'root' ;-). Now Sendmail can start as root, switch to the totally
> *unprivileged* 'smmsp' user and receive mail.

This is essentially what Cygwin is doing right now.

> Of course the real bonus is that these unprivileged users wouldn't need passwords,
> since they are impersonated, not logged on. These would consequently be
> *super-secure* users, because it is impossible to login with an empty password.

You'd be surprised.

> Why is this related to the uid issue?

Because there's no fixed UID. This is a core system difference, that you have
to live with.

> I already tested the second solution. I found out that if I assign my 'root'
> user the '0' id in /etc/passwd, it actually works. I was delighted, because
> I could roll-back all these weird changes I put in the
> Sendmail/procmail/mail.local source to fix the getuid != 0 problem.

/etc/passwd will soon be gone.

> If we go with this MS-imposed idea of "putting services in admin-context",

There's no such idea. You just imagined it.

> Cygwin security will be done for in the long run. Why not make the leap and
> show MS admins/developers how it should be done?

You really think they are all idiots?... Like, really?


--
WBR,
Andrey Repin (anrdaemon AT yandex DOT ru) 23.07.2014, <20:01>

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple