From: Corinna Vinschen <corinna-cygwin@cygwin.com>
To: cygwin@cygwin.com
Subject: Re: Feature request: sudo
Date: Thu, 19 Jan 2023 21:38:49 +0100
Message-ID: <Y8mqWfPrLYwA+MZi@calimero.vinschen.de>
In-Reply-To: <CAF8HOZJ9U36twWekhwtrC6w7DMdvde0z3PxrP65ExZYxDLf2Xg@mail.gmail.com>

On Jan 19 20:17, Jochen Wiedmann via Cygwin wrote:
> Hi,
>
> as someone who is quite used to typing
>
> sudo do something
>
> I would really like to do the same in my CygWin bash. In my opinion,
> this could be implemented
> relatively simply, and straightforward as follows:
>
> - Accept an array of strings with the command, that is being
> executed with administrator
> privileges.
> - Use the standard Windows API to execute some functionality with
> admin privileges.
> In the current case, that functionality would be a simple exec
> with the above command line.

Assuming you already are running an administrative account and you just
want to elevate a process, rather than actually switching the user
context to, say, "Administrator".

- The underlying Win32 system calls implementing fork/execve, i.e.
  CreateProcess and CreateProcessAsUser, don't allow starting an
  elevated process from a non-elevated process, unless you already have
  access to your elevated token.  While you can actually access that
  token, this token is not suitable for CreateProcessAsUser, unless you
  access it with TCB privileges... which only an already elevated
  process has.

- Windows doesn't provide SUID/SGID bits.  They are just faked in Cygwin
  using some bits in a NULL SID.  Thus, a sudo tool with SUID bit set is
  not workable on Windows, unless you control running an executable from
  an already privileged process which creates the user token.  This
  could be done by cygserver, but nobody implemented that yet.
  https://cygwin.com/acronyms/#SHTDI

Having said that, you can kind of do it yourself:

- Install and run Cygwin's sshd as a service.
- Create a public key pair.
- alias sudo='ssh localhost'

Corinna
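
An added example, not part of the message above or of Cygwin itself: a shell function that can stand in for the `alias sudo='ssh localhost'` step. It keeps the caller's working directory and quotes each argument, because ssh joins its arguments with spaces and the remote shell parses the result a second time. `shquote` and `build_remote_cmd` are hypothetical helper names, and the function assumes key-based login to the local sshd already works.

```shell
# Added example: quoting-safe variant of alias sudo='ssh localhost'.
# Helper names are hypothetical; only POSIX sh features are used.

# Quote one word for a POSIX shell: wrap it in single quotes and write
# each embedded single quote as '\''. Trailing newlines in a word are
# not preserved, because command substitution strips them.
shquote() {
    printf '%s\n' "$1" | sed "s/'/'\\\\''/g; 1s/^/'/; \$s/\$/'/"
}

# Build the one command string that ssh hands to the remote login shell:
#   cd '<caller cwd>' && '<cmd>' '<arg>' ...
# The subshell body "( ... )" keeps the loop variables out of the caller.
build_remote_cmd() (
    out="cd $(shquote "$1") &&"
    shift
    for word in "$@"; do
        out="$out $(shquote "$word")"
    done
    printf '%s\n' "$out"
)

# Run a command through the local sshd from the current directory.
sudo() {
    if [ "$#" -eq 0 ]; then
        echo "usage: sudo command [args...]" >&2
        return 2
    fi
    # Ask for a terminal only when stdin is one, so pipes keep working.
    if [ -t 0 ]; then
        ssh -t localhost "$(build_remote_cmd "$PWD" "$@")"
    else
        ssh -T localhost "$(build_remote_cmd "$PWD" "$@")"
    fi
}
```

With the plain alias, an argument such as `"my file.txt"` reaches the remote shell as two words; here it arrives as one.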