Re: Reading what should not!

Re: Reading what should not!

[Angelo Graziosi]

Larry Hall (Cygwin) wrote:
> This is new behavior with 1.7 and it's there to mimic what one sees in
> Linux.  I can't reproduce your reported results in Fedora 8.  For me, if I
> am 'root', I can see the contents of 'foo.txt' just fine with the permissions
> you have set on it.

I do not know how Fedora works, but on Kubuntu the user created when 
installing the SO is also 'root': one need only to use 'sudo...'. After 
typing the password it 'remains active'  for about 15 minute. This mean 
that if I use 'sudo less foo.txt' when that pass. is active I do not 
need to retype it, and, as 'root', I can read that file. But if I open a 
new shell, in which the passwd is not yet 'active', trying 'sudo 
less...' asks for the passwd, which looks right to me.

Why 'root' should read, for example, private mails of the other simple 
users of that PC?


Cheers,
Angelo.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Reading what should not!

[Mark J. Reed]

On Mon, Sep 14, 2009 at 4:29 AM, Angelo Graziosi wrote:
> I do not know how Fedora works, but on Kubuntu the user created when
> installing the SO is also 'root': one need only to use 'sudo...'. After
> typing the password it 'remains active'  for about 15 minute.

That makes no sense.  "sudo" means "run as root".  If you're already
root, there's no need for sudo, and most systems don't even allow root
to run the sudo command.

In traditional UNIX, either you're root, in which case you have the
full run of the box with no need to ask for extra permissions, or
you're not.  Secured OSes like SELinux change those rules, but you're
no longer in the realm of general Linux at that point.

It sounds to me like your Fedora created a user named "root" who is
not really "root" (uid 0).  Which might be a security thing, but is
sure to lead to confusion.  What does 'id' report?

-- 
Mark J. Reed <markjreed@gmail.com>

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Reading what should not!

[Dave Korn]

Angelo Graziosi wrote:

> Why 'root' should read, for example, private mails of the other simple
> users of that PC?

  Root is the superuser.  Root is the administrative account.  Root can do
anything.  The sysadmin /has/ to be able to access all the files on a system,
it is a necessary part of administering the system.  If root can't read the
user's private mailbox file, how can root back up that user's private mailbox
file for them?

  (The ethical issues surrounding the guardianship, accountability and
responsible use of this degree of power cannot be solved by technological
means, so we don't even try to "fix it in the OS".  If you want to keep
confidential data on a machine where you are not root and where you cannot
trust the root user to respect your privacy, you shouldn't put it there in the
first place.)

    cheers,
      DaveK


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Reading what should not!

[Matt Wozniski]

On Mon, Sep 14, 2009 at 4:29 AM, Angelo Graziosi wrote:
> Larry Hall (Cygwin) wrote:
>>
>> This is new behavior with 1.7 and it's there to mimic what one sees in
>> Linux.  I can't reproduce your reported results in Fedora 8.  For me, if I
>> am 'root', I can see the contents of 'foo.txt' just fine with the
>> permissions
>> you have set on it.
>
> I do not know how Fedora works, but on Kubuntu the user created when
> installing the SO is also 'root': one need only to use 'sudo...'.

sudo allows non-root users to run commands as root, or to get shells as root.

> After typing the password it 'remains active'  for about 15 minute.

"remains active" meaning that the sudo infrastructure remembers that
you have validated yourself to it already, and don't need to do it
again.

> This mean that
> if I use 'sudo less foo.txt' when that pass. is active I do not need to
> retype it, and, as 'root', I can read that file.

You don't need to retype it because sudo remembers that you've typed
it already, so lets you become root anyway.  You can read the file
because you're root - that has nothing to do with the password.  The
password only affects the steps where you're gaining root privileges,
it has nothing to do with what you can do once you have them.

> But if I open a new shell,
> in which the passwd is not yet 'active', trying 'sudo less...' asks for the
> passwd, which looks right to me.

The sudo password caching can be disabled entirely, enabled per-user,
or enabled per-tty (basically per-shell).  sudo can also be configured
to either require the password of the user or the password of root to
launch commands as root.

> Why 'root' should read, for example, private mails of the other simple users
> of that PC?

As Dave Korn said, because he needs to be able to.

You're confusing the process of *becoming* root with what root can do.
 Becoming root requires a password, of course!  On a system where you
become root using sudo, that password is usually the user's password,
but it can also be root's password, depending on the system's config.
But once you've become root, you can do whatever you want, including
deleting every file and directory on the disk, and no one can stop
you.

To prove that the "password becoming active" is just part of the inner
workings of sudo, you could just try out "sudo -i" to get an
interactive shell as root - you'll see that you can "less" the file
just fine, and will continue to be able to for as long as you stay
logged in as root.

~Matt

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Reading what should not!

[Angelo Graziosi]

Mark J. Reed wrote:
> Administrative users on Windows are
> treated as equivalent to root by Cygwin.

I know that.

> If you're saying that admin users should have to use sudo or
> equivalent to gain elevated access in Cygwin, then that's a feature
> request.  Does it match what Windows does?  Outside of UAC in Vista
> I'm unaware of Administrators having to do anything to activate their
> privileges.

I never said that.


Cheers,
Angelo.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Reading what should not!

[Mark J. Reed]

On Mon, Sep 14, 2009 at 10:26 AM, Angelo Graziosi  wrote:
> I do not have Fedora but Kubuntu (8.04 and 9.04). On Kubuntu the user
> created in the installation step, say 'pippo', is also 'root' in the sense
> that 'pippo' needs 'sudo' (or 'sudo su') for administrative usage.

OK, then, big difference. 'pippo' is not root, pippo is able to do
things as root when needed.  Administrative users on Windows are
treated as equivalent to root by Cygwin.

If you're saying that admin users should have to use sudo or
equivalent to gain elevated access in Cygwin, then that's a feature
request.  Does it match what Windows does?  Outside of UAC in Vista
I'm unaware of Administrators having to do anything to activate their
privileges.

-- 
Mark J. Reed <markjreed@gmail.com>

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

RE: Reading what should not!

[Thrall, Bryan]

Angelo Graziosi wrote on Monday, September 14, 2009 9:27 AM:

> Mark J. Reed wrote:
>> That makes no sense.  "sudo" means "run as root".  If you're already
>> root, there's no need for sudo, and most systems don't even allow
root
>> to run the sudo command.
> 
> I do not mean that 'root' need 'sudo'.
> 
>> It sounds to me like your Fedora
> 
> I do not have Fedora but Kubuntu (8.04 and 9.04). On Kubuntu the user
> created in the installation step, say 'pippo', is also 'root' in the
> sense that 'pippo' needs 'sudo' (or 'sudo su') for administrative
usage.

On Kubuntu (or any other Ubuntu-derived distro, AFAIK), the root user is
disabled by default; the only way to get root priveleges is to use sudo,
which is set up to ask for your password (whatever user you're running
as when you execute sudo).

So there is no difference between being an Administrator on Cygwin 1.7
and having root priveleges on Kubuntu; it's just that on Kubuntu, you
have to type in your password to get root priveleges, while on Cygwin,
you just have to be an Administrator user.

-- 
Bryan Thrall
FlightSafety International
bryan.thrall@flightsafety.com

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Reading what should not!

[Angelo Graziosi]

Mark J. Reed wrote:
> That makes no sense.  "sudo" means "run as root".  If you're already
> root, there's no need for sudo, and most systems don't even allow root
> to run the sudo command.

I do not mean that 'root' need 'sudo'.

> It sounds to me like your Fedora

I do not have Fedora but Kubuntu (8.04 and 9.04). On Kubuntu the user 
created in the installation step, say 'pippo', is also 'root' in the 
sense that 'pippo' needs 'sudo' (or 'sudo su') for administrative usage.


Cheers,
Angelo.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Reading what should not!

[Larry Hall (Cygwin)]

On 09/13/2009 10:04 AM, Angelo Graziosi wrote:
> Just a curiosity... (I have seen th following on Cygwin-1.7, but perhaps
> it happens also on 1.5)
>
> Suppose that there are two users: the administrator (root) and a simple
> user (pippo). Suppose that 'pippo' has a file 'foo.txt' with permissions:
>
> rw-------
>
> Why 'root' can read 'foo.txt'? For example with
>
> root@PC~
> $ less /home/pippo/foo.txt
>
> On GNU/Linux, the same command (or with 'sudo') asks for pippo's
> password! (Which looks right to me)
>
> Trying to read the same file as 'root', but with Windows applications
> (Notepad, for example), fails: one gets 'Access denied' (also if foo.txt
> is copied in the 'root' HOME or /tmp, as pippo's file rw-------). Even
> this looks right to me...

We've been through this before as recently as the last couple of weeks.
This is new behavior with 1.7 and it's there to mimic what one sees in
Linux.  I can't reproduce your reported results in Fedora 8.  For me, if I
am 'root', I can see the contents of 'foo.txt' just fine with the permissions
you have set on it.

-- 
Larry Hall                              http://www.rfk.com
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
216 Dalton Rd.                          (508) 893-9889 - FAX
Holliston, MA 01746

_____________________________________________________________________

A: Yes.
 > Q: Are you sure?
 >> A: Because it reverses the logical flow of conversation.
 >>> Q: Why is top posting annoying in email?

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Reading what should not!

[Angelo Graziosi]

Just a curiosity... (I have seen th following on Cygwin-1.7, but perhaps 
it happens also on 1.5)

Suppose that there are two users: the administrator (root) and a simple 
user (pippo). Suppose that 'pippo' has a file 'foo.txt' with permissions:

rw-------

Why 'root' can read 'foo.txt'? For example with

root@PC~
$ less /home/pippo/foo.txt

On GNU/Linux, the same command (or with 'sudo') asks for pippo's 
password! (Which looks right to me)

Trying to read the same file as 'root', but with Windows applications 
(Notepad, for example), fails: one gets 'Access denied' (also if foo.txt 
is copied in the 'root' HOME or /tmp, as pippo's file rw-------). Even 
this looks right to me...


Cheers,
Angelo.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple