server).
After some thinking I decided to keep the setup as simple as possible,
and not to use inetd. So, I have the following options:
1. Patch the server not to use setreuid, install it as a service and run
it as SYSTEM.
2. Install the server as a service, give the SYSTEM user Create a token
On Fri, Nov 28, 2003 at 02:06:29PM +0200, Baurjan Ismagulov wrote:
After some thinking I decided to keep the setup as simple as possible,
and not to use inetd. So, I have the following options:
1. Patch the server not to use setreuid, install it as a service and run
it as SYSTEM.
That's
Hello, Corinna.
On Fri, Nov 28, 2003 at 04:08:00PM +0100, Corinna Vinschen wrote:
3. Install the server as a service to be run as nobody or as a special
user just for this service (say, tftp).
Best solution. If there's a chance to run stuff under a non-priv'd
account, just do it.
On Fri, 28 Nov 2003, Baurjan Ismagulov wrote:
[snip]
BTW, I couldn't find the cygwin-2003-10.bz2 mbox archive under
ftp://sources.redhat.com/pub/cygwin/mail-archives. There are some
problems/delays, or these archives will not be available any more?
The file seems to have been misplaced. The
to permanently_set_uid is followed by a
call to setreuid, which fails with 'permission denied'.
I guess that this is Windows refusing to allow the sshsvc user to switch
to the real user that i'm trying to log in as.
I was lead to believe from the docs and from Corinna's posts that the
user rights
:) . I had
thought that the first three privileges were enough to change user with
setreuid alone without a password.
Btw., if you're planning to use that account as logon account, don't
give these rights to that account. That's very dangerous.
Because of possible privilege escalation
On Fri, Oct 17, 2003 at 04:52:34PM +0300, Baurjan Ismagulov wrote:
Btw., if you're planning to use that account as logon account, don't
give these rights to that account. That's very dangerous.
Because of possible privilege escalation, or are there any other
implications?
Yes, no. ;-)
Hello, Corinna.
Thank you for the prompt answer.
On Wed, Oct 15, 2003 at 15:45:51, Corinna Vinschen wrote:
I'm trying to use tftp-hpa. Why does setreuid(1012, 1012) fail with
EPERM? Should I have any special privileges?
Yes.
I was unable to find this information, could you please mention
On Thu, Oct 16, 2003 at 01:37:25PM +0300, Baurjan Ismagulov wrote:
Hello, Corinna.
Thank you for the prompt answer.
On Wed, Oct 15, 2003 at 15:45:51, Corinna Vinschen wrote:
I'm trying to use tftp-hpa. Why does setreuid(1012, 1012) fail with
EPERM? Should I have any special privileges
searched specifically for setreuid and couldn't think
generally enough. Thanks much for your help!
BTW, it took quite some time to figure out that increase quotas was
erstellen eines Tokenobjekts :/ .
With kind regards,
Baurjan.
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
of
documentation under http://cygwin.com/cygwin-ug-net/ntsec.html.
Ah! I had searched specifically for setreuid and couldn't think
generally enough. Thanks much for your help!
BTW, it took quite some time to figure out that increase quotas was
erstellen eines Tokenobjekts :/ .
No, that's not right
Speicherkontingenten für einen ProzessAdministratoren
Erstellen eines Tokenobjekts -
ibr is a member of Administratoren.
Logout, login, tftpd. The result is: setreuid(1012, 1012) = -1 EPERM.
This works if I grant Erstellen eines Tokenobjekts to ZAISAN\ibr. What
is going
Ersetzen eines Tokens auf Prozessebene ZAISAN\ibr
Anpassen von Speicherkontingenten f?r einen ProzessAdministratoren
Erstellen eines Tokenobjekts -
ibr is a member of Administratoren.
Logout, login, tftpd. The result is: setreuid(1012, 1012) = -1 EPERM
Hello,
I'm trying to use tftp-hpa. Why does setreuid(1012, 1012) fail with
EPERM? Should I have any special privileges?
Cygwin 1.3.22-dontuse-21 running on a Windows XP 5.1.2600 (system
utility in control panel says version 2002, whatever this means). I'm
user ibr (member of Administrators
On Wed, Oct 15, 2003 at 01:52:12PM +0300, Baurjan Ismagulov wrote:
Hello,
I'm trying to use tftp-hpa. Why does setreuid(1012, 1012) fail with
EPERM? Should I have any special privileges?
Yes.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin
The attached patch implements setregid() and setreuid() as recommended
by Pierre in:
http://cygwin.com/ml/cygwin-developers/2003-01/msg00115.html
Thanks,
Jason
--
PGP/GPG Key: http://www.tishler.net/jason/pubkey.asc or key servers
Fingerprint: 7A73 1405 7F2B E669 C19D 8784 1AFD E4CC ECF4
On Fri, Jan 24, 2003 at 09:55:20AM -0500, Jason Tishler wrote:
The attached patch implements setregid() and setreuid() as recommended
by Pierre in:
http://cygwin.com/ml/cygwin-developers/2003-01/msg00115.html
Oops. I just realized that I need to submit a corresponding newlib
patch
On Fri, Jan 24, 2003 at 09:55:20AM -0500, Jason Tishler wrote:
The attached patch implements setregid() and setreuid() as recommended
by Pierre in:
http://cygwin.com/ml/cygwin-developers/2003-01/msg00115.html
Applied with minor changes:
+setreuid (__uid32_t ruid, __uid32_t euid
On Fri, Jan 24, 2003 at 10:21:20AM -0500, Jason Tishler wrote:
Oops. I just realized that I need to submit a corresponding newlib
patch to declare setregid() and setreuid().
Too late ;-)
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer
Corinna,
On Fri, Jan 24, 2003 at 04:26:36PM +0100, Corinna Vinschen wrote:
Applied with minor changes:
+setreuid (__uid32_t ruid, __uid32_t euid)
^
__uid16_t
Oops, yank and put error. Thanks for cleaning up after me.
I've also applied the missing
20 matches
Mail list logo