On Fri, 28 Nov 2003, Baurjan Ismagulov wrote:
> [snip]
> BTW, I couldn't find the cygwin-2003-10.bz2 mbox archive under
> ftp://sources.redhat.com/pub/cygwin/mail-archives. There are some
> problems/delays, or these archives will not be available any more?
The file seems to have been misplaced.
Hello, Corinna.
On Fri, Nov 28, 2003 at 04:08:00PM +0100, Corinna Vinschen wrote:
> > 3. Install the server as a service to be run as nobody or as a special
> >user just for this service (say, "tftp").
> Best solution. If there's a chance to run stuff under a non-priv'd
> account, just do it.
On Fri, Nov 28, 2003 at 02:06:29PM +0200, Baurjan Ismagulov wrote:
> After some thinking I decided to keep the setup as simple as possible,
> and not to use inetd. So, I have the following options:
>
> 1. Patch the server not to use setreuid, install it as a service and run
>
yed with all alternatives, and everything works fine (BTW, it
was a TFTP server).
After some thinking I decided to keep the setup as simple as possible,
and not to use inetd. So, I have the following options:
1. Patch the server not to use setreuid, install it as a service and run
it as SYSTEM.
ll to permanently_set_uid is followed by a
call to setreuid, which fails with 'permission denied'.
I guess that this is Windows refusing to allow the sshsvc user to switch
to the real user that i'm trying to log in as.
I was lead to believe from the docs and from Corinna's po
On Fri, Oct 17, 2003 at 04:52:34PM +0300, Baurjan Ismagulov wrote:
> > Btw., if you're planning to use that account as logon account, don't
> > give these rights to that account. That's very dangerous.
>
> Because of possible privilege escalation, or are there any other
> implications?
Yes, no.
not to read, the problem is to understand :) . I had
thought that the first three privileges were enough to change user with
setreuid alone without a password.
> Btw., if you're planning to use that account as logon account, don't
> give these rights to that account. That's very d
len eines Tokenobjekts -
>
> ibr is a member of Administratoren.
>
> Logout, login, tftpd. The result is: setreuid(1012, 1012) = -1 EPERM.
> This works if I grant "Erstellen eines Tokenobjekts" to ZAISAN\ibr. What
> is going on?
That's
ZAISAN\ibr
Ersetzen eines Tokens auf Prozessebene ZAISAN\ibr
Anpassen von Speicherkontingenten für einen ProzessAdministratoren
Erstellen eines Tokenobjekts -
ibr is a member of Administratoren.
Logout, login, tftpd. The result is: setreuid
And we have a bit of
> > documentation under http://cygwin.com/cygwin-ug-net/ntsec.html.
>
> Ah! I had searched specifically for "setreuid" and couldn't think
> generally enough. Thanks much for your help!
>
> BTW, it took quite some time to figure out t
Ah! I had searched specifically for "setreuid" and couldn't think
generally enough. Thanks much for your help!
BTW, it took quite some time to figure out that "increase quotas" was
"erstellen eines Tokenobjekts" :/ .
With kind regards,
Baurjan.
--
Unsubscribe
On Thu, Oct 16, 2003 at 01:37:25PM +0300, Baurjan Ismagulov wrote:
> Hello, Corinna.
>
> Thank you for the prompt answer.
>
> On Wed, Oct 15, 2003 at 15:45:51, Corinna Vinschen wrote:
> > > I'm trying to use tftp-hpa. Why does setreuid(1012, 1012) fail with
> >
Hello, Corinna.
Thank you for the prompt answer.
On Wed, Oct 15, 2003 at 15:45:51, Corinna Vinschen wrote:
> > I'm trying to use tftp-hpa. Why does setreuid(1012, 1012) fail with
> > EPERM? Should I have any special privileges?
> Yes.
I was unable to find this informati
On Wed, Oct 15, 2003 at 01:52:12PM +0300, Baurjan Ismagulov wrote:
> Hello,
>
> I'm trying to use tftp-hpa. Why does setreuid(1012, 1012) fail with
> EPERM? Should I have any special privileges?
Yes.
Corinna
--
Corinna Vinschen Please, send mails regarding
Hello,
I'm trying to use tftp-hpa. Why does setreuid(1012, 1012) fail with
EPERM? Should I have any special privileges?
Cygwin 1.3.22-dontuse-21 running on a Windows XP 5.1.2600 (system
utility in control panel says "version 2002", whatever this means). I'm
user ibr (memb
15 matches
Mail list logo
