RE: 1.3.22: child real uid gets parent's effective uid

Sun, 08 Jun 2003 13:53:43 -0700 

Corinna,
Granted there's nothing in Windows corresponding to Unix's distinction
between real and effective uid, but could not cygwin maintain the data as
part of its own process accounting? 

Not doing so might seem justified given what Windows is "really" doing, but
it undermines cygwin's support for porting setuid applications.   (Among
other things, it compromises the security checks Perl builds around setuid
scripts.)  And many Unix applications rely on having both uid's to control
permissions at the application level, maintain an audit trail, ensure that
files are created with the right ownership, etc.
     John

-----Original Message-----
From: Corinna Vinschen [mailto:[EMAIL PROTECTED]
Sent: Saturday, June 07, 2003 5:52 AM
To: '[EMAIL PROTECTED]'
Subject: Re: 1.3.22: child real uid gets parent's effective uid


On Fri, Jun 06, 2003 at 04:20:43PM -0400, Snively, John P (John) wrote:
> 
> I changed the effective uid of my app's process using seteuid, and printed
> out the real and effective uid's obtained via getuid and geteuid.  No
> surprises, until I tested running a child process via system() and
printing
> ITS real and effective uid's.  The effective AND real uid of the child are
> set to the effective uid of the parent -- ouch:
> 
> before changing euid:
> child: euid: 25313 ruid: 25313
> parent: euid: 25313 ruid: 25313
> 
> setting euid to 500
> child: euid: 500 ruid: 500
> parent: euid: 500 ruid: 25313
> 
> Any way around this?

Not easily. The difference between real and effective uid is just plain
fake.  Windows doesn't support that difference, there's just one uid
(better: owner SID) attached to a process.  So each new process begins
its life with euid == ruid.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:[EMAIL PROTECTED]
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Reply via email to