From: | Jason Tishler <jason(at)tishler(dot)net> |
---|---|
To: | Dan Holmsand <dan(at)eyebee(dot)com> |
Cc: | pgsql-cygwin(at)postgresql(dot)org |
Subject: | Re: Initdb fails... Again! |
Date: | 2003-01-28 14:50:33 |
Message-ID: | 20030128145033.GC1828@tishler.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-cygwin |
Dan,
On Tue, Jan 28, 2003 at 01:00:11AM +0100, Dan Holmsand wrote:
> Really sorry to be stubborn,
No problem.
> but I happen to think that this is an interesting subject...
Agreed, but maybe we should move this thread to the Cygwin list?
> Jason Tishler wrote:
> >You *can* log on as LocalSystem via ssh:
>
> I know. The disadvantage is of course that anyone that can run as me
> also gets access to LocalSystem without any password checks at all.
Agreed, but someone can attack your root account too.
> >There is also cmdasuser:
> >
> > http://www.develop.com/kbrown/security/sample_cmdasuser.htm
> >
> >which can switch user to LocalSystem too.
>
> Wow. That's scary! That actually shows that running as a member of
> Administrators is pretty much exactly as dangerous as running with
> "Create a token object" etc. privilegies, since they obviously can be
> so easily acquired.
Yup!
> Anyway, cmdasuser doesn't work very conveniently for me: I'm not a
> member of "Administrators" (for security reasons). Even if I was, it
> feels like a pretty big security risk just to have that kind of thing
> laying around :-).
Agreed!
> And it doesn't work remotely. Also, it has a nasty habit of killing
> child processes on exit, so "/etc/rc.d/init.d/sshd restart" is a small
> disaster...
I just threw out cmdasuser to demonstrate that there was YA way to
become the LocalSystem user.
> >>Unless such programs are really, really carefully ported to Cygwin,
> >>you get a security hole when running them as uid 18 (i.e. "SYSTEM").
> >
> >Then those ports (e.g., apache) are broken and should be fixed. For
> >example, my fetchmail, procmail, and vsftpd ports recognized uid 18 as
> >the root uid and behave accordingly.
>
> Now that's a really good argument. In particular, my running as uid 0
> breaks "correctly ported" apps in this regard. OTOH, I maintain that
> getting this 100% right is non-trivial, since it is quite untestable.
Why is it untestable? Plus, the source for all Cygwin apps are
available for inspection.
> If Cygwin's intention is that uid 18 should be equivalent to Unix' uid
> 0, then why on earth is Local System uid 18?
It was a regrettable choice by Corinna. :,) Actually, Cygwin UIDs are
derived from the last component of the user's SID. For example:
SYSTEM:*:18:544:,S-1-5-18::
^^ ^^
> >>4) It just feels a bit more unixy :-)
> >
> >I guess so, but when in Rome... :,)
>
> Hmm. I always thought the whole purpose of Cygwin was to save me from
> the evils of Rome (or Redmond, to be a bit more precise). ;-)
Touche!
Jason
--
PGP/GPG Key: http://www.tishler.net/jason/pubkey.asc or key servers
Fingerprint: 7A73 1405 7F2B E669 C19D 8784 1AFD E4CC ECF4 8EF6
From | Date | Subject | |
---|---|---|---|
Next Message | DDonnelly | 2003-01-28 20:52:29 | Problems adding C Extentions |
Previous Message | Jason Tishler | 2003-01-28 14:22:58 | Re: Plperl, createlang fails |