From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Thu, 19 Jan 2023 21:38:49 +0100
From: Corinna Vinschen
To: cygwin@cygwin.com
Subject: Re: Feature request: sudo

On Jan 19 20:17, Jochen Wiedmann via Cygwin wrote:
> Hi,
>
> as someone who is quite used to typing
>
>     sudo do something
>
> I would really like to do the same in my CygWin bash. In my opinion,
> this could be implemented relatively simply, and straightforward as
> follows:
>
> - Accept an array of strings with the command, that is being
>   executed with administrator privileges.
> - Use the standard Windows API to execute some functionality with
>   admin privileges.
>   In the current case, that functionality would be a simple exec
>   with the above command line.

Assuming you already are running an administrative account and you just
want to elevate a process, rather than actually switching the user
context to, say, "Administrator".

- The underlying Win32 system calls implementing fork/execve, i.e.
  CreateProcess and CreateProcessAsUser, don't allow starting an
  elevated process from a non-elevated process, unless you already have
  access to your elevated token. While you can actually access that
  token, this token is not suitable for CreateProcessAsUser, unless you
  access it with TCB privileges... which only an already elevated
  process has.

- Windows doesn't provide SUID/SGID bits. They are just faked in Cygwin
  using some bits in a NULL SID. Thus, a sudo tool with SUID bit set is
  not workable on Windows, unless you control running an executable from
  an already privileged process which creates the user token. This
  could be done by cygserver, but nobody implemented that yet.

  https://cygwin.com/acronyms/#SHTDI

Having said that, you can kind of do it yourself:

- Install and run Cygwin's sshd as a service.
- Create a public key pair.
- alias sudo='ssh localhost'

Corinna
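
The workaround above written as a small wrapper, as an added example that is not part of the original message: a plain `ssh localhost` alias starts in the remote home directory, and ssh joins its arguments with spaces for the remote shell to parse again, so this version quotes each argument and restores the working directory. The key path `SUDO_KEY`, the function names and a POSIX login shell on the sshd side are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original message). SUDO_KEY and all function
# names are assumptions; the sshd side is assumed to give a POSIX login shell.
SUDO_KEY="${SUDO_KEY:-$HOME/.ssh/id_ed25519_sudo}"

# One-time setup for the "create a key pair" step: a dedicated key whose
# public half is authorized for logins to this same account.
setup_sudo_key() {
    mkdir -p "$HOME/.ssh" && chmod 700 "$HOME/.ssh" || return 1
    ssh-keygen -t ed25519 -f "$SUDO_KEY" || return 1
    cat "$SUDO_KEY.pub" >> "$HOME/.ssh/authorized_keys"
    chmod 600 "$HOME/.ssh/authorized_keys"
}

# Wrap one argument in single quotes so the remote shell reads it as a single
# word; an embedded ' becomes '\'' (close quote, escaped quote, reopen).
shell_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Build the remote command line: change to the given directory, then run the
# command with every argument quoted individually.
build_remote_cmd() {
    dir=$1
    shift
    cmd="cd $(shell_quote "$dir") &&"
    for arg in "$@"; do
        cmd="$cmd $(shell_quote "$arg")"
    done
    printf '%s' "$cmd"
}

# Replacement for alias sudo='ssh localhost'.
sudo() {
    if [ "$#" -eq 0 ]; then
        echo "usage: sudo command [args...]" >&2
        return 2
    fi
    ssh -i "$SUDO_KEY" localhost "$(build_remote_cmd "$PWD" "$@")"
}
```

Run `setup_sudo_key` once after sshd is installed as a service; anyone who can read the private key file can log in as this account, so keep it passphrase-protected or readable only by its owner.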