Re: Initdb fails... Again!
From | Dan Holmsand |
---|---|
Subject | Re: Initdb fails... Again! |
Date | |
Msg-id | 3E35C80B.2040407@eyebee.com |
In reply to | Re: Initdb fails... Again! (Jason Tishler <jason@tishler.net>) |
List | pgsql-cygwin |
Jason,

Really sorry to be stubborn, but I happen to think that this is an interesting subject...

Jason Tishler wrote:
> You *can* log on as LocalSystem via ssh:

I know. The disadvantage is of course that anyone that can run as me also gets access to LocalSystem without any password checks at all.

> There is also cmdasuser:
>
> http://www.develop.com/kbrown/security/sample_cmdasuser.htm
>
> which can switch user to LocalSystem too.

Wow. That's scary! That actually shows that running as a member of Administrators is pretty much exactly as dangerous as running with "Create a token object" etc. privileges, since they obviously can be so easily acquired.

Anyway, cmdasuser doesn't work very conveniently for me: I'm not a member of "Administrators" (for security reasons). Even if I was, it feels like a pretty big security risk just to have that kind of thing lying around :-). And it doesn't work remotely. Also, it has a nasty habit of killing child processes on exit, so "/etc/rc.d/init.d/sshd restart" is a small disaster...

>>Unless such programs are really, really carefully ported to Cygwin,
>>you get a security hole when running them as uid 18 (i.e. "SYSTEM").
>
> Then those ports (e.g., apache) are broken and should be fixed. For
> example, my fetchmail, procmail, and vsftpd ports recognized uid 18 as
> the root uid and behave accordingly.

Now that's a really good argument. In particular, my running as uid 0 breaks "correctly ported" apps in this regard.

OTOH, I maintain that getting this 100% right is non-trivial, since it is quite untestable.

If Cygwin's intention is that uid 18 should be equivalent to Unix' uid 0, then why on earth is Local System uid 18?

>>4) It just feels a bit more unixy :-)
>
> I guess so, but when in Rome... :,)

Hmm. I always thought the whole purpose of Cygwin was to save me from the evils of Rome (or Redmond, to be a bit more precise). ;-)

/dan