Mailing-List: contact cygwin-developers-help AT sourceware DOT cygnus DOT com; run by ezmlm
Sender: cygwin-developers-owner AT sources DOT redhat DOT com
Delivered-To: mailing list cygwin-developers AT sources DOT redhat DOT com
Message-ID: <39760766.7DCBF763@cygnus.com>
Date: Wed, 19 Jul 2000 21:54:14 +0200
From: Corinna Vinschen
Reply-To: cygdev
X-Mailer: Mozilla 4.73 [en] (X11; I; Linux 2.2.14-SMP i686)
X-Accept-Language: de, en
MIME-Version: 1.0
To: cygwin-developers AT sources DOT redhat DOT com
Subject: Re: login-1.3 can't work on the recent snapshots.
References: <20000719141458 DOT D17938 AT cygnus DOT com> <3975FB88 DOT 5A96123E AT cygnus DOT com> <20000719150450 DOT C18820 AT cygnus DOT com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Chris Faylor wrote:
>
> On Wed, Jul 19, 2000 at 09:03:36PM +0200, Corinna Vinschen wrote:
> >Chris Faylor wrote:
> >>
> >> On Thu, Jul 20, 2000 at 01:36:17AM +0900, Kazuhiro Fujieda wrote:
> >> >>>> On 05 Jul 2000 23:28:46 +0900
> >> >>>> Kazuhiro Fujieda said:
> >> >
> >> >> The login-1.3 of the net release seem not to work with the
> >> >> recent snapshots. I tested it with inetutils-1.3.2-4 under
> >> >> WinNT4 Sp6a and the latest snapshot.
> >> >>
> >> >> When I connected with in.telnetd, I was able to find the
> >> >> following message. But I couldn't start the remote session,
> >> >> because bash.exe spawned by login.exe was choked by the system
> >> >> error of "The application failed to initialize properly (0xc0000022).".
> >> >
> >> >I managed to find the cause of this problem.
> >> >
> >> >spawn_guts can modify values referred by `child', even though
> >> >there is a case where `child' == `myself'.
> >>
> >> Is this when spawn_guts is called to 'exec[lv]p?()' something?
> >
> >I don't understand then, why my impersonation stuff works at all.
> >All typical applications using that technique are using exec(),
> >not spawn().
> >
> >login-1.3 is still using `sexec..()' of course.
>
> I'm not sure why it is a problem even for when child == myself,
> actually.

The below code could produce that (from spawn_guts):

==== SNIP ====
  /* Remove impersonation */
  uid_t uid = geteuid();
  if (myself->impersonated && myself->token != INVALID_HANDLE_VALUE)
    seteuid (myself->orig_uid);

  /* Set child->uid to USHRT_MAX to force calling internal_getlogin()
     from child process. Set psid to NULL to play it safe. */
  child->uid = USHRT_MAX;
  child->psid = NULL;

  rc = CreateProcessAsUser (...);

  /* Restore impersonation */
  if (myself->impersonated && myself->token != INVALID_HANDLE_VALUE)
    seteuid (uid);
==== SNAP ====

Assuming that myself==child, the last part (restoring the impersonation)
would be able to influence the child. The child would get a uid which
is the wrong one and additionally forbids calling internal_getlogin.

Hmm.

Corinna

-- 
Corinna Vinschen
Cygwin Developer
Cygnus Solutions, a Red Hat company
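
Added example (not part of the original message and not Cygwin code): a small C model of the aliasing described above, run once with separate parent and child records and once with child == myself. struct proc_model, model_seteuid and spawn_model are hypothetical names, and the model assumes that seteuid() stores the new uid in the caller's own process record.

```c
#include <limits.h>
#include <stdio.h>

/* Constructed stand-in for a process record; it holds only the fields the
   quoted snippet touches and is not the real Cygwin layout. */
struct proc_model {
  unsigned short uid;       /* uid the process reports */
  unsigned short orig_uid;  /* uid before impersonation */
  int impersonated;         /* token validity check is left out of the model */
  void *psid;
};

/* Assumption: seteuid() records the new uid in the caller's own record. */
static void model_seteuid (struct proc_model *myself, unsigned short uid)
{
  myself->uid = uid;
}

/* Same order of operations as the quoted spawn_guts excerpt.  Returns the
   uid left in the child's record once the parent has restored itself. */
unsigned short spawn_model (struct proc_model *myself, struct proc_model *child)
{
  unsigned short uid = myself->uid;           /* geteuid() */
  if (myself->impersonated)
    model_seteuid (myself, myself->orig_uid); /* remove impersonation */

  child->uid = USHRT_MAX;  /* sentinel: child must call internal_getlogin() */
  child->psid = NULL;

  /* CreateProcessAsUser (...) would run at this point. */

  if (myself->impersonated)
    model_seteuid (myself, uid);              /* restore impersonation */
  return child->uid;
}

int main (void)
{
  struct proc_model parent = { 500, 18, 1, NULL };  /* constructed values */
  struct proc_model kid = { 0, 0, 0, NULL };

  printf ("separate records: child uid = %u\n",
          (unsigned) spawn_model (&parent, &kid));
  printf ("child == myself:  child uid = %u\n",
          (unsigned) spawn_model (&parent, &parent));
  return 0;
}
```

With separate records the sentinel survives in the child; with child == myself the restore step writes through the same pointer and replaces the sentinel with the impersonated uid.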