Re: Feature request: sudo - Corinna Vinschen

public inbox for cygwin@cygwin.com
 help / color / mirror / Atom feed

From: Corinna Vinschen <corinna-cygwin@cygwin.com>
To: cygwin@cygwin.com
Subject: Re: Feature request: sudo
Date: Thu, 19 Jan 2023 21:38:49 +0100	[thread overview]
Message-ID: <Y8mqWfPrLYwA+MZi@calimero.vinschen.de> (raw)
In-Reply-To: <CAF8HOZJ9U36twWekhwtrC6w7DMdvde0z3PxrP65ExZYxDLf2Xg@mail.gmail.com>

On Jan 19 20:17, Jochen Wiedmann via Cygwin wrote:
> Hi,
> 
> as someone who is quite used to typing
> 
>   sudo do something
> 
> I would really like to do the same in my CygWin bash.In my opinion,
> this could be implemented
> relatively simply, and straightforward as follows:
> 
>   - Accept an array of strings with the command, that is being
> executed with administrator
>     privileges.
>   - Use the standard Windows API to execute some functionality with
> admin privileges.
>     In the current case, that functionality would be a simple exec
> with the above command line.

Assuming you already are running an administrative account and you just
want to elevate a process, rather than actually switching the user
context to, say, "Administrator".

- The underlying Win32 system calls implementing fork/execve, i.e.
  CreateProcess and CreateProcessAsUser, don't allow to start an
  elevated process from a non-elevated process, unless you already have
  access to your elevated token.  While you can actually access that
  token, this token is not suitable for CreateProcessAsUser, unless you
  access it with TCB privileges... which only an already elevated
  process has.
  
- Windows doesn't provide SUID/SGID bits.  They are just faked in Cygwin
  using some bits in a NULL SID.  Thus, a sudo tool with SUID bit set is
  not workable on Windows, unless you control running an executable from
  an already privileged process which creates the user token.  This
  could be done by cygserver, but nobody implemented that yet.
  https://cygwin.com/acronyms/#SHTDI

Having said that, you can kind of do it yourself:

- Install and run Cygwin's sshd as a service.
- Create a public key pair.
- alias sudo='ssh localhost'


Corinna

next prev parent reply	other threads:[~2023-01-19 20:38 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-01-19 19:17 Jochen Wiedmann
2023-01-19 20:38 ` Corinna Vinschen [this message]
2023-01-19 21:27 ` Kevin Schnitzius
2023-01-19 21:53 ` Thomas Wolff

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Y8mqWfPrLYwA+MZi@calimero.vinschen.de \
    --to=corinna-cygwin@cygwin.com \
    --cc=cygwin@cygwin.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).