From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 12858 invoked by alias); 27 Jun 2012 07:54:53 -0000 Received: (qmail 12829 invoked by uid 22791); 27 Jun 2012 07:54:30 -0000 X-Spam-Check-By: sourceware.org Received: from aquarius.hirmke.de (HELO calimero.vinschen.de) (217.91.18.234) by sourceware.org (qpsmtpd/0.83/v0.83-20-g38e4449) with ESMTP; Wed, 27 Jun 2012 07:54:15 +0000 Received: by calimero.vinschen.de (Postfix, from userid 500) id 685B12C0073; Wed, 27 Jun 2012 09:48:14 +0200 (CEST) Date: Wed, 27 Jun 2012 07:54:00 -0000 From: Corinna Vinschen To: cygwin@cygwin.com Cc: bug-gnulib , Paul Eggert Subject: Re: [PATCH] root-uid: new module Message-ID: <20120627074814.GC837@calimero.vinschen.de> Mail-Followup-To: cygwin@cygwin.com, bug-gnulib , Paul Eggert References: <4FEA4A72.8090003@cs.ucla.edu> <4FEA4D53.3090409@redhat.com> <4FEA4FDB.5030105@cs.ucla.edu> <4FEA5161.6010503@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <4FEA5161.6010503@redhat.com> User-Agent: Mutt/1.5.21 (2010-09-15) Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com X-SW-Source: 2012-06/txt/msg00503.txt.bz2 On Jun 26 18:18, Eric Blake wrote: > [adding cygwin] > > On 06/26/2012 06:12 PM, Paul Eggert wrote: > > On 06/26/2012 05:01 PM, Eric Blake wrote: > >> Rather than forcing comparison to a single value, would it be better to > >> have a function is_privileged_uid(euid)? Do you really need this functionality for an arbitrary uid as input? Or do you just want to know if the current process is running with a certain privilege? > > Yes, that sounds better. I don't use Cygwin, though, so > > I'm not qualified to write that. > > Broadening the question, does the cygwin community have advice on the > best implementation of a function that returns true if the argument is a > uid with full privileges (for example, if the uid is a member of the > Administrator group, and can therefore read files in spite of chown() > disabling all the read permissions)? We're trying to improve gnulib > (and therefore coreutils, findutils, tar, ...) to use an > implementation-appropriate check rather than the more traditional > hard-coded check of uid==0, since that doesn't quite work everywhere. Security in Windows is kind of complicated. Not even the membership in the group "Administrators" is a sure indicator that the current process has the approriate rights. In short, every process has a "user token" attached which defines the permissions a process has, given as a list of group memberships and a list of special privileges. As an additional twist, a privilege in the token can be enabled or disabled. Some of them, if disabled, are automatically enabled when calling certain functions, others have to be enabled explicitely before calling functions relying on the privilege. There are no rules to that, other than what's defined by the documentation. I guess, the most platform-independent approach would be to encapsulate the whole problem into a function requesting a specific capability along the lines of the POSIX 1.e definitions, like, say if (has_capability (CAP_CHOWN)) ... The actual implementation of has_capability can then be defined in a platform-specific file. The default implementation of has_capability would be something along the lines of int has_capability (int cap) { return geteuid () == 0; } Systems supporting POSIX 1.e could use the appropriate functions, Windows-based platforms would use an implementation based on the Win32 functions to request the user token information. As a sidenote, it would be nice if Cygwin would support the POSIX 1.e capabilities, but nobody had the time or incentive to implement this yet. This might be a nice project for somebody who wants to contribute to Cygwin, since its implementation is mostly independent from the already existing functionality. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader cygwin AT cygwin DOT com Red Hat -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple