Hi,
I'm terribly sorry that I missed this before 3.7p1 was out. The
permanently_set_uid() function fails on Cygwin since the test to
revert to the saved uid unfortunately works on Cygwin though it
shouldn't. The reason is that a Windows NT process always can
revert to its previous privileges. There's no such concept of
giving up rights in a process permanently. This is only possible
for a child process.
Corinna
Index: uidswap.c
==================================================================RCS file:
/cvs/openssh_cvs/uidswap.c,v
retrieving revision 1.39
diff -p -u -r1.39 uidswap.c
--- uidswap.c 6 Sep 2003 06:44:39 -0000 1.39
+++ uidswap.c 16 Sep 2003 14:47:54 -0000
@@ -191,10 +191,12 @@ permanently_set_uid(struct passwd *pw)
(u_int)pw->pw_gid);
}
+#ifdef HAVE_CYGWIN
/* Try restoration of UID if changed (test clearing of saved uid) */
if (old_uid != pw->pw_uid &&
(setuid(old_uid) != -1 || seteuid(old_uid) != -1))
fatal("%s: was able to restore old [e]uid", __func__);
+#endif
/* Verify UID drop was successful */
if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) {
--
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
On Tue, Sep 16, 2003 at 04:53:09PM +0200, Corinna Vinschen wrote:> Index: uidswap.cSigh, new patch. Should be #ifndef, not #ifdef. Corinna ==================================================================RCS file: /cvs/openssh_cvs/uidswap.c,v retrieving revision 1.39 diff -p -u -r1.39 uidswap.c --- uidswap.c 6 Sep 2003 06:44:39 -0000 1.39 +++ uidswap.c 16 Sep 2003 14:47:54 -0000 @@ -191,10 +191,12 @@ permanently_set_uid(struct passwd *pw) (u_int)pw->pw_gid); } +#ifndef HAVE_CYGWIN /* Try restoration of UID if changed (test clearing of saved uid) */ if (old_uid != pw->pw_uid && (setuid(old_uid) != -1 || seteuid(old_uid) != -1)) fatal("%s: was able to restore old [e]uid", __func__); +#endif /* Verify UID drop was successful */ if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) { -- Corinna Vinschen Cygwin Developer Red Hat, Inc.
Corinna Vinschen wrote:> +#ifndef HAVE_CYGWIN > /* Try restoration of UID if changed (test clearing of saved uid) */ > if (old_uid != pw->pw_uid && > (setuid(old_uid) != -1 || seteuid(old_uid) != -1)) > fatal("%s: was able to restore old [e]uid", __func__); > +#endifIs this OK, or should we have a define like "OS_CANT_DROP_PRIVS"? Are there any other OSes (that we support) to which this might apply? -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.