Re: Initdb fails... Again! - Mailing list pgsql-cygwin

From Jason Tishler
Subject Re: Initdb fails... Again!
Date
Msg-id 20030128145033.GC1828@tishler.net
Whole thread Raw
In response to Re: Initdb fails... Again!  (Jason Tishler <jason@tishler.net>)
List pgsql-cygwin
Dan,

On Tue, Jan 28, 2003 at 01:00:11AM +0100, Dan Holmsand wrote:
> Really sorry to be stubborn,

No problem.

> but I happen to think that this is an interesting subject...

Agreed, but maybe we should move this thread to the Cygwin list?

> Jason Tishler wrote:
> >You *can* log on as LocalSystem via ssh:
>
> I know. The disadvantage is of course that anyone that can run as me
> also gets access to LocalSystem without any password checks at all.

Agreed, but someone can attack your root account too.

> >There is also cmdasuser:
> >
> >    http://www.develop.com/kbrown/security/sample_cmdasuser.htm
> >
> >which can switch user to LocalSystem too.
>
> Wow. That's scary! That actually shows that running as a member of
> Administrators is pretty much exactly as dangerous as running with
> "Create a token object" etc. privilegies, since they obviously can be
> so easily acquired.

Yup!

> Anyway, cmdasuser doesn't work very conveniently for me: I'm not a
> member of "Administrators" (for security reasons). Even if I was, it
> feels like a pretty big security risk just to have that kind of thing
> laying around :-).

Agreed!

> And it doesn't work remotely. Also, it has a nasty habit of killing
> child processes on exit, so "/etc/rc.d/init.d/sshd restart" is a small
> disaster...

I just threw out cmdasuser to demonstrate that there was YA way to
become the LocalSystem user.

> >>Unless such programs are really, really carefully ported to Cygwin,
> >>you get a security hole when running them as uid 18 (i.e. "SYSTEM").
> >
> >Then those ports (e.g., apache) are broken and should be fixed.  For
> >example, my fetchmail, procmail, and vsftpd ports recognized uid 18 as
> >the root uid and behave accordingly.
>
> Now that's a really good argument. In particular, my running as uid 0
> breaks "correctly ported" apps in this regard. OTOH, I maintain that
> getting this 100% right is non-trivial, since it is quite untestable.

Why is it untestable?  Plus, the source for all Cygwin apps are
available for inspection.

> If Cygwin's intention is that uid 18 should be equivalent to Unix' uid
> 0, then why on earth is Local System uid 18?

It was a regrettable choice by Corinna. :,)  Actually, Cygwin UIDs are
derived from the last component of the user's SID.  For example:

    SYSTEM:*:18:544:,S-1-5-18::
             ^^            ^^

> >>4) It just feels a bit more unixy :-)
> >
> >I guess so, but when in Rome... :,)
>
> Hmm. I always thought the whole purpose of Cygwin was to save me from
> the evils of Rome (or Redmond, to be a bit more precise). ;-)

Touche!

Jason

--
PGP/GPG Key: http://www.tishler.net/jason/pubkey.asc or key servers
Fingerprint: 7A73 1405 7F2B E669 C19D  8784 1AFD E4CC ECF4 8EF6

pgsql-cygwin by date:

Previous
From: Jason Tishler
Date:
Subject: Re: Plperl, createlang fails
Next
From: John Smith
Date:
Subject: postmaster does not shut down