Bug 1114 - Make concept of "root UID" more abstract for Interix support
Summary: Make concept of "root UID" more abstract for Interix support
Status: CLOSED WONTFIX
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: Miscellaneous (show other bugs)
Version: 4.2p1
Hardware: Other Other
: P3 enhancement
Assignee: Assigned to nobody
URL:
Keywords:
Depends on: 1112 1113
Blocks:
  Show dependency treegraph
 
Reported: 2005-11-05 15:31 AEDT by Todd Vierling
Modified: 2021-04-23 15:08 AEST (History)
1 user (show)

See Also:

Attachments
Patch abstracting root uid/gid to ROOTUID/ROOTGID macros (7.00 KB, patch)
2005-11-05 15:32 AEDT, Todd Vierling 		no flags Details | Diff
split uid checks into capabilities. (10.22 KB, patch)
2005-11-06 18:00 AEDT, Darren Tucker 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Todd Vierling 2005-11-05 15:31:38 AEDT 
In order to get all the flurry of file ownership and permissions checks correct on Interix, it is necessary to use something other than plain 0 to indicate "privileged user".  In theory, anyone in the "Administrators" group has full access, but there is one uid with privileges above all others (Administrator) that can be considered equivalent to root.

This is a nontrivial, but low impact (C preprocessor symbol only) change.  However, it is somewhat necessary to make sshd function on Interix, in addition to the dependcy bugs attached here.  I'm also open to other ideas on how the concept of "are privileges correct?" might be made more abstract.
Comment 1 Todd Vierling 2005-11-05 15:32:47 AEDT 
Created attachment 1022 [details]
Patch abstracting root uid/gid to ROOTUID/ROOTGID macros
Comment 2 Darren Tucker 2005-11-05 15:50:26 AEDT 
If we're going to do this, I'd rather have it know the difference between the various privileges, eg "have_privilege(BIND_LOW_PORT)" or "have_privilege(SWITCH_USER)" and so on.

Of course, the question remains: why does a Unix compatibility layer have a root uid that's not zero?
Comment 3 Todd Vierling 2005-11-06 02:52:30 AEDT 
Interix user IDs come from its parent OS (Windows).  Local system-supplied users are 0x30000 + <system uid>, and "Administrator" is system uid 1000.

It's really unfortunate that there is no special-case maping to 0.  But as I noted, the rights that openssh uses are available to more than just the "root" user -- anyone in a specific group can also do setuid.  This is not too far of a departure from POSIX.1e CAP_SETUID, so maybe it would be appropriate to do the abstraction anyway?  (The important part here though is that such a refactor would probably need to bubble back up to the OpenBSD source repo level.)
Comment 4 Darren Tucker 2005-11-06 18:00:02 AEDT 
Created attachment 1026 [details]
split uid checks into capabilities.

First attempt.  Doesn't consider uids currently.
Comment 5 Darren Tucker 2005-11-06 18:22:49 AEDT 
(In reply to comment #4)
> First attempt.  Doesn't consider uids currently.

Err, make that "doesn't consider gids".
Comment 6 Darren Tucker 2005-11-10 18:41:52 AEDT 
(In reply to comment #3)
> Interix user IDs come from its parent OS (Windows).  Local system-supplied
> users are 0x30000 + <system uid>, and "Administrator" is system uid 1000.

Hmm, that doesn't quite seem to add up.  Your patch has:
+# define ROOTUID	197108

but 0x30000 + 1000 = 197608
Comment 7 Todd Vierling 2005-11-11 02:57:36 AEDT 
Sorry, I miswrote.  The Interix "Administrator" user is Win32 UID 500, not 1000.  That's the reason for the discrepancy.
Comment 8 Damien Miller 2018-04-06 14:43:34 AEST 
I think this is obsolete with the addition of native windows OpenSSH
Comment 9 Damien Miller 2021-04-23 15:08:20 AEST 
closing resolved bugs as of 8.6p1 release