At 12:33 PM 11/12/2003 +0100, Corinna Vinschen wrote: >On Wed, Nov 12, 2003 at 05:37:33AM -0500, Pierre A. Humblet wrote: >> At 10:56 AM 11/12/2003 +0100, Corinna Vinschen wrote: >> >On Tue, Nov 11, 2003 at 01:22:50PM -0500, Pierre A. Humblet wrote: >> >> It autodetects if it is privileged and, if so, setgid(544) & setuid(18) >> >> to normalize its environment (that was done with Windows 2003 in mind). >> > >> >I don't understand. You were the one who figured out the 2003 problem >> >with the SYSTEM account. So, erm... >> >> No sure what you mean. Recall that when we setuid(18) we use the privileges >> that are defined for SYSTEM in security.cc, not those that MS assigns on 2003. > >I don't understand the "that was done with Windows 2003 in mind". >Setting the uid to 18 in exim seems counterproductive in that environment.
The problem I was addressing is that on 2003 users create a privileged account with an arbitrary uid (up to now). On the other hand Exim (which is suid on a real Unix system) enters a restricted mode if the uid isn't a predefined hard coded value (0 on Unix, 18 in Cygwin). So I have a front end that setuid to 18 if the real user is privileged. The main exim code only sees 18 and behaves without restrictions. > >> By introducing the root user on 2003 we are undoing positive steps taken by >> MS. > >Well, I don't see these steps as positive. To me it looks like healing >the effect, not the cause. From my point of view, the whole authentication >problems and the missing suid/sgid bit concept are a design flaw. YMMV. OK, perhaps positive isn't the right word. But what MS did does increase security. Pierre