Mailing-List: contact cygwin-developers-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-developers-subscribe AT sources DOT redhat DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin-developers/>
List-Post: <mailto:cygwin-developers AT sources DOT redhat DOT com>
List-Help: <mailto:cygwin-developers-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-developers-owner AT sources DOT redhat DOT com
Delivered-To: mailing list cygwin-developers AT sources DOT redhat DOT com
From: Chris Faylor <cgf AT cygnus DOT com>
Date: Wed, 19 Jul 2000 15:57:10 -0400
To: cygwin-developers AT sources DOT redhat DOT com
Subject: Re: login-1.3 can't work on the recent snapshots.
Message-ID: <20000719155710.D19551@cygnus.com>
Reply-To: cygwin-developers AT sources DOT redhat DOT com
Mail-Followup-To: cygwin-developers AT sources DOT redhat DOT com
References: <s1su2e4mz1d DOT fsf AT jaist DOT ac DOT jp> <s1s7lai5b7i DOT fsf AT jaist DOT ac DOT jp> <20000719141458 DOT D17938 AT cygnus DOT com> <3975FB88 DOT 5A96123E AT cygnus DOT com> <20000719150450 DOT C18820 AT cygnus DOT com> <39760766 DOT 7DCBF763 AT cygnus DOT com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2i
In-Reply-To: <39760766.7DCBF763@cygnus.com>; from vinschen@cygnus.com on Wed, Jul 19, 2000 at 09:54:14PM +0200

On Wed, Jul 19, 2000 at 09:54:14PM +0200, Corinna Vinschen wrote:
>Chris Faylor wrote:
>> I'm not sure why it is a problem even for when child == myself,
>> actually.
>
>The below code could produce that (from spawn_guts):
>
>==== SNIP ====
>      /* Remove impersonation */
>      uid_t uid = geteuid();
>      if (myself->impersonated && myself->token != INVALID_HANDLE_VALUE)
>        seteuid (myself->orig_uid);
>
>      /* Set child->uid to USHRT_MAX to force calling
>internal_getlogin()
>         from child process. Set psid to NULL to play it safe. */
>      child->uid = USHRT_MAX;
>      child->psid = NULL;
>
>      rc = CreateProcessAsUser (...);
>
>      /* Restore impersonation */
>      if (myself->impersonated && myself->token != INVALID_HANDLE_VALUE)
>        seteuid (uid);
>==== SNAP ====
>
>Assuming that myself==child, the last part (restoring the impersonation)
>would be able to influence the child. The child would get a uid which
>is the wrong one and additionally forbids calling internal_getlogin.
>Hmm.

Ok.  So, it seems like you just don't need to do the second seteuid when
mode == _P_OVERLAY .  Right?

cgf