bugzilla-daemon at mindrot.org
2005-Nov-05 04:31 UTC
[Bug 1114] Make concept of "root UID" more abstract for Interix support
http://bugzilla.mindrot.org/show_bug.cgi?id=1114

Summary: Make concept of "root UID" more abstract for Interix support
Product: Portable OpenSSH
Version: 4.2p1
Platform: Other
OS/Version: other
Status: NEW
Severity: enhancement
Priority: P3
Component: Miscellaneous
AssignedTo: bitbucket at mindrot.org
ReportedBy: tv at pobox.com
BugsThisDependsOn: 1096,1112,1113

In order to get all the flurry of file ownership and permissions checks correct on Interix, it is necessary to use something other than plain 0 to indicate "privileged user". In theory, anyone in the "Administrators" group has full access, but there is one uid with privileges above all others (Administrator) that can be considered equivalent to root.

This is a nontrivial, but low impact (C preprocessor symbol only) change. However, it is somewhat necessary to make sshd function on Interix, in addition to the dependency bugs attached here.

I'm also open to other ideas on how the concept of "are privileges correct?" might be made more abstract.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2005-Nov-05 04:32 UTC
[Bug 1114] Make concept of "root UID" more abstract for Interix support
http://bugzilla.mindrot.org/show_bug.cgi?id=1114

------- Comment #1 from tv at pobox.com 2005-11-05 15:32 -------
Created an attachment (id=1022) --> (http://bugzilla.mindrot.org/attachment.cgi?id=1022&action=view)
Patch abstracting root uid/gid to ROOTUID/ROOTGID macros
bugzilla-daemon at mindrot.org
2005-Nov-05 04:41 UTC
[Bug 1114] Make concept of "root UID" more abstract for Interix support
http://bugzilla.mindrot.org/show_bug.cgi?id=1114

dtucker at zip.com.au changed:

What              |Removed |Added
----------------------------------------------------------------------------
BugsThisDependsOn |1096    |
bugzilla-daemon at mindrot.org
2005-Nov-05 04:50 UTC
[Bug 1114] Make concept of "root UID" more abstract for Interix support
http://bugzilla.mindrot.org/show_bug.cgi?id=1114

------- Comment #2 from dtucker at zip.com.au 2005-11-05 15:50 -------
If we're going to do this, I'd rather have it know the difference between the various privileges, eg "have_privilege(BIND_LOW_PORT)" or "have_privilege(SWITCH_USER)" and so on.

Of course, the question remains: why does a Unix compatibility layer have a root uid that's not zero?
bugzilla-daemon at mindrot.org
2005-Nov-05 15:52 UTC
[Bug 1114] Make concept of "root UID" more abstract for Interix support
http://bugzilla.mindrot.org/show_bug.cgi?id=1114

------- Comment #3 from tv at pobox.com 2005-11-06 02:52 -------
Interix user IDs come from its parent OS (Windows). Local system-supplied users are 0x30000 + <system uid>, and "Administrator" is system uid 1000. It's really unfortunate that there is no special-case mapping to 0.

But as I noted, the rights that openssh uses are available to more than just the "root" user -- anyone in a specific group can also do setuid. This is not too far of a departure from POSIX.1e CAP_SETUID, so maybe it would be appropriate to do the abstraction anyway?

(The important part here though is that such a refactor would probably need to bubble back up to the OpenBSD source repo level.)
bugzilla-daemon at mindrot.org
2005-Nov-06 07:00 UTC
[Bug 1114] Make concept of "root UID" more abstract for Interix support
http://bugzilla.mindrot.org/show_bug.cgi?id=1114

------- Comment #4 from dtucker at zip.com.au 2005-11-06 18:00 -------
Created an attachment (id=1026) --> (http://bugzilla.mindrot.org/attachment.cgi?id=1026&action=view)
split uid checks into capabilities.

First attempt. Doesn't consider uids currently.
bugzilla-daemon at mindrot.org
2005-Nov-06 07:22 UTC
[Bug 1114] Make concept of "root UID" more abstract for Interix support
http://bugzilla.mindrot.org/show_bug.cgi?id=1114

------- Comment #5 from dtucker at zip.com.au 2005-11-06 18:22 -------
(In reply to comment #4)
> First attempt. Doesn't consider uids currently.

Err, make that "doesn't consider gids".
bugzilla-daemon at mindrot.org
2005-Nov-10 07:41 UTC
[Bug 1114] Make concept of "root UID" more abstract for Interix support
http://bugzilla.mindrot.org/show_bug.cgi?id=1114

------- Comment #6 from dtucker at zip.com.au 2005-11-10 18:41 -------
(In reply to comment #3)
> Interix user IDs come from its parent OS (Windows). Local system-supplied
> users are 0x30000 + <system uid>, and "Administrator" is system uid 1000.

Hmm, that doesn't quite seem to add up. Your patch has:

+# define ROOTUID 197108

but 0x30000 + 1000 = 197608
bugzilla-daemon at mindrot.org
2005-Nov-10 15:57 UTC
[Bug 1114] Make concept of "root UID" more abstract for Interix support
http://bugzilla.mindrot.org/show_bug.cgi?id=1114

------- Comment #7 from tv at pobox.com 2005-11-11 02:57 -------
Sorry, I miswrote. The Interix "Administrator" user is Win32 UID 500, not 1000. That's the reason for the discrepancy.
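
Added example, not part of the thread and not code from either attachment: a C sketch of the per-privilege check suggested in comment #2, parameterised by the Interix uid mapping given in comments #3 and #7, plus an ownership check of the kind the original report mentions. All identifiers (`priv_policy`, this `have_privilege` signature, `owner_is_trusted`) are hypothetical, and the Administrators gid is a constructed sample value.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical names throughout; not taken from either attachment. */
enum privilege { PRIV_BIND_LOW_PORT, PRIV_SWITCH_USER };

struct priv_policy {
    uid_t root_uid;     /* the one uid treated as equivalent to root */
    bool  group_grants; /* can group membership grant SWITCH_USER? */
    gid_t admin_gid;    /* only meaningful when group_grants is true */
};

/* Classic Unix: uid 0 and nothing else. */
static const struct priv_policy posix_policy = { 0, false, 0 };

/* Interix as described in comments #3 and #7: local users are
 * 0x30000 + Win32 uid, and Administrator is Win32 uid 500.
 * 99999 is a constructed sample gid, not a real Interix value. */
static const struct priv_policy interix_policy = { 0x30000 + 500, true, 99999 };

static bool in_group(const gid_t *gids, size_t n, gid_t want)
{
    for (size_t i = 0; i < n; i++)
        if (gids[i] == want)
            return true;
    return false;
}

bool have_privilege(const struct priv_policy *p, enum privilege priv,
                    uid_t uid, const gid_t *gids, size_t ngids)
{
    if (uid == p->root_uid)
        return true;
    if (priv == PRIV_SWITCH_USER && p->group_grants)
        return in_group(gids, ngids, p->admin_gid);
    return false; /* assumption: anything the thread does not cover is denied */
}

/* A file is trusted only if owned by the privileged uid or by the target user. */
bool owner_is_trusted(const struct priv_policy *p, uid_t owner, uid_t user)
{
    return owner == p->root_uid || owner == user;
}

int main(void)
{
    printf("Interix root uid: %lu\n", (unsigned long)interix_policy.root_uid);
    /* uid 0 has no special meaning on Interix, so a file owned by 0 is untrusted */
    return owner_is_trusted(&interix_policy, 0, 197200) ? 1 : 0;
}
```

With a policy like this, a hard-coded comparison against 0 becomes a lookup, so the same ownership check rejects a uid-0 owner on Interix and accepts it on a classic Unix.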