Bug 1114

Summary:

Make concept of "root UID" more abstract for Interix support

Product:

Portable OpenSSH

Reporter:

Todd Vierling <tv>

Component:

Miscellaneous

Assignee:

Assigned to nobody <unassigned-bugs>

Status:

CLOSED WONTFIX

Severity:

enhancement

CC:

djm

Priority:

Version:

4.2p1

Hardware:

Other

OS:

Other

Bug Depends on:

1112, 1113

Bug Blocks:

Attachments:

Description	Flags
Patch abstracting root uid/gid to ROOTUID/ROOTGID macros	none
split uid checks into capabilities.	none

Description Todd Vierling 2005-11-05 15:31:38 AEDT

In order to get all the flurry of file ownership and permissions checks correct on Interix, it is necessary to use something other than plain 0 to indicate "privileged user".  In theory, anyone in the "Administrators" group has full access, but there is one uid with privileges above all others (Administrator) that can be considered equivalent to root.

This is a nontrivial, but low impact (C preprocessor symbol only) change.  However, it is somewhat necessary to make sshd function on Interix, in addition to the dependcy bugs attached here.  I'm also open to other ideas on how the concept of "are privileges correct?" might be made more abstract.

Comment 1 Todd Vierling 2005-11-05 15:32:47 AEDT

Created attachment 1022 [details]
Patch abstracting root uid/gid to ROOTUID/ROOTGID macros

Comment 2 Darren Tucker 2005-11-05 15:50:26 AEDT

If we're going to do this, I'd rather have it know the difference between the various privileges, eg "have_privilege(BIND_LOW_PORT)" or "have_privilege(SWITCH_USER)" and so on.

Of course, the question remains: why does a Unix compatibility layer have a root uid that's not zero?

Comment 3 Todd Vierling 2005-11-06 02:52:30 AEDT

Interix user IDs come from its parent OS (Windows).  Local system-supplied users are 0x30000 + <system uid>, and "Administrator" is system uid 1000.

It's really unfortunate that there is no special-case maping to 0.  But as I noted, the rights that openssh uses are available to more than just the "root" user -- anyone in a specific group can also do setuid.  This is not too far of a departure from POSIX.1e CAP_SETUID, so maybe it would be appropriate to do the abstraction anyway?  (The important part here though is that such a refactor would probably need to bubble back up to the OpenBSD source repo level.)

Comment 4 Darren Tucker 2005-11-06 18:00:02 AEDT

Created attachment 1026 [details]
split uid checks into capabilities.

First attempt.  Doesn't consider uids currently.

Comment 5 Darren Tucker 2005-11-06 18:22:49 AEDT

(In reply to comment #4)
> First attempt.  Doesn't consider uids currently.

Err, make that "doesn't consider gids".

Comment 6 Darren Tucker 2005-11-10 18:41:52 AEDT

(In reply to comment #3)
> Interix user IDs come from its parent OS (Windows).  Local system-supplied
> users are 0x30000 + <system uid>, and "Administrator" is system uid 1000.

Hmm, that doesn't quite seem to add up.  Your patch has:
+# define ROOTUID	197108

but 0x30000 + 1000 = 197608

Comment 7 Todd Vierling 2005-11-11 02:57:36 AEDT

Sorry, I miswrote.  The Interix "Administrator" user is Win32 UID 500, not 1000.  That's the reason for the discrepancy.

Comment 8 Damien Miller 2018-04-06 14:43:34 AEST

I think this is obsolete with the addition of native windows OpenSSH

Comment 9 Damien Miller 2021-04-23 15:08:20 AEST

closing resolved bugs as of 8.6p1 release