From: Corinna Vinschen <cygwin@cygwin.com>
To: "Pierre A. Humblet" <Pierre.Humblet@ieee.org>
Cc: cygwin <cygwin@cygwin.com>
Subject: Re: More security issues
Date: Tue, 12 Feb 2002 07:57:00 -0000
Message-ID: <20020212165719.X14241@cygbert.vinschen.de>
In-Reply-To: <3.0.5.32.20020210143455.007f2100@pop.ne.mediaone.net>
On Sun, Feb 10, 2002 at 02:34:55PM -0500, Pierre A. Humblet wrote:
> I wonder what the sa in CreateProcess
> really does... The only thing that has an effect is the Inherit flag.
MSDN documents the SD in the lpProcessAttributes/lpThreadAttributes
argument being used as the SD of the called process/main thread.
The SD of the process seems not to correspond with the default DACL
in the token. However, the sec_user() isn't w/o effect. You
can easily check that by changing the function to create a wrong
DACL.
> In the course of debugging I also noticed that the sid2 passed
> to sec_user() from just before CreateProcessAsUser() is useless.
> It is actually equal to the sid that sec_user() gets from
> cygheap->user.sid () [cygheap->user is set in seteuid()]
Does the following patch help?
Index: spawn.cc
===================================================================
RCS file: /cvs/src/src/winsup/cygwin/spawn.cc,v
retrieving revision 1.97
diff -u -p -r1.97 spawn.cc
--- spawn.cc 2002/02/10 13:38:49 1.97
+++ spawn.cc 2002/02/12 15:54:53
@@ -647,6 +647,11 @@ spawn_guts (HANDLE hToken, const char *
}
else
{
+ /* Remove impersonation */
+ if (cygheap->user.impersonated
+ && cygheap->user.token != INVALID_HANDLE_VALUE)
+ RevertToSelf ();
+
cygsid sid;
DWORD ret_len;
if (!GetTokenInformation (hToken, TokenUser, &sid, sizeof sid, &ret_len))
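Review bot: the return value of RevertToSelf() in the newly added block at the top of the else branch is not checked; if the revert fails, the GetTokenInformation() and everything after it still run under the impersonation token, which is exactly what the move is meant to avoid. Suggest `if (!RevertToSelf ()) ...` with the failure reported, and either clearing cygheap->user.impersonated here or adding a comment explaining why the cached flag intentionally stays set while the thread is no longer impersonating.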
@@ -659,11 +664,6 @@ spawn_guts (HANDLE hToken, const char *
PSECURITY_ATTRIBUTES sec_attribs = allow_ntsec && sid
? sec_user (sa_buf, sid)
: &sec_all_nih;
-
- /* Remove impersonation */
- if (cygheap->user.impersonated
- && cygheap->user.token != INVALID_HANDLE_VALUE)
- RevertToSelf ();
static BOOL first_time = TRUE;
if (first_time)
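Review bot: removing the block also removes the blank line that separated the sec_attribs initialization from `static BOOL first_time = TRUE;`, so the two now run together; keep a blank line there. Nothing at this spot records that the revert now happens before sec_user() is called, so a short comment next to the `? sec_user (sa_buf, sid)` line saying that impersonation was already reverted above would let a later reader see why the ordering matters, which is the point of the patch.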
> All of this effort was motivated by weird access issues to the
> impersonation token. I can fix that by opening the thread token
> security descriptor after ImpersonateLoggedOnUser() in seteuid()
> and changing the ACL (using the ACL from sec_user(), that works!).
> Unfortunately the work must be redone each time the sequence
> RevertToSelf(), ..., ImpersonateLoggedOnUser() occurs.
That can't be the way to go. Somehow we should try to figure out how to do
it correctly.
> Back to setegid(), another safe way would be to
> RevertToSelf(),..,Impersonate..() if currently impersonated.
> That's because there is also a RevertToSelf() before CreateProcessAsUser()
> Why is there one, by the way? Microsoft seems to suggest working in the
> security context of the new user. It says it's useful if the executable
> is only executable by the new user.
Did you try whether that works reliably? Nobody keeps you from patching it ;-)
Corinna
--
Corinna Vinschen                         Please, send mails regarding Cygwin to
Cygwin Developer                         mailto:cygwin@cygwin.com
Red Hat, Inc.