On Wed, Nov 12, 2003 at 05:37:33AM -0500, Pierre A. Humblet wrote:
> At 10:56 AM 11/12/2003 +0100, Corinna Vinschen wrote:
> >On Tue, Nov 11, 2003 at 01:22:50PM -0500, Pierre A. Humblet wrote:
> >> It autodetects if it is privileged and, if so, setgid(544) & setuid(18)
> >> to normalize its environment (that was done with Windows 2003 in mind).
> >
> >I don't understand. You were the one who figured out the 2003 problem
> >with the SYSTEM account. So, erm...
>
> Not sure what you mean. Recall that when we setuid(18) we use the privileges
> that are defined for SYSTEM in security.cc, not those that MS assigns on 2003.

I don't understand the "that was done with Windows 2003 in mind".
Setting the uid to 18 in exim seems counterproductive in that environment.

> >Anyway, I think we should add "root/0" to /etc/group so that it comes
> >before the "administrators/544" entry right from the beginning. What
> >happens in an exim installation then?
>
> Actually it works just fine, and both 544 and 0 appear in id.
> Patting myself on the back :)

Cool :-)

> I have one extra comment: Cygwin introduces a number of security holes,
> which I have started to plug. The fixes to the biggest ones (PROCESS_DUP_HANDLE)
> seem to be stalled, and there are still a number of other patches to come.

I've tested your patch already a while ago and it seemed to work fine.
It's Chris' call.

> By introducing the root user on 2003 we are undoing positive steps taken by
> MS.

Well, I don't see these steps as positive. To me it looks like healing
the effect, not the cause. From my point of view, the whole authentication
problems and the missing suid/sgid bit concept are a design flaw. YMMV.

Corinna

--
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
Please, send mails regarding Cygwin to mailto:[EMAIL PROTECTED]
