[PATCH]: Cygwin port of 2.2.0p1

Andrew Zabolotny bit at eltech.ru
Wed Sep 6 17:55:19 EST 2000


On Tue, 05 Sep 2000 18:35:19 +0200, Corinna Vinschen wrote:

>> If so, there should be some replacement check to prevent non admin users
>> from doing things like setting up port forwards for ports < 1024, etc.
>That's impossible. Windows doesn't check that you are some sort
>of special user which has the right to use ports < 1024. Everyone
>may use those ports. As mentioned above the membership in a user
>group doesn't mean much. To make things worse, think of W95/W98
>which doesn't know of the concept of different users either.

This can be solved by defining a macro like this:

#ifndef USER_IS_ROOT
#define USER_IS_ROOT(name,uid) ((uid) == 0)
#endif

and in the respective system-dependent header files define something like this:

#define USER_IS_ROOT(name,uid) w32_user_is_root(name)
extern int w32_user_is_root(char *name);

This approach also has the plus that it does not need to be implemented
immediately for win32, it is just an outlet to which you can later connect any
code (for any other platform).

>> Does this mean the only way to change Windows' equivalent of uid is with
>> a valid password?
>Yes. Without special authentication packages you have no chance
>to change the user context without knowing the NT password of that
>user.
Well, if you have administrator rights this should be possible, but maybe it is
not straightforward. Something like "change user's password to empty, login
with empty password, change password back" should definitely be possible. But
this is kinda clumsy and results in a race condition. There could be other ways
to do that.

Greetings,
    _\ndy at teamOS/2
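
The macro hook proposed in this message, wired into a privileged-port forwarding check, as an added example that is not part of the original message or of the OpenSSH source. demo_user_is_root(), forward_allowed() and the "Administrator" policy are hypothetical names and a constructed stand-in, not a real Windows privilege check.

```c
#include <string.h>

/* --- platform header (constructed stand-in for a system-dependent file) --- */
/* demo_user_is_root() is hypothetical; a real port would query the OS here. */
static int demo_user_is_root(const char *name)
{
    /* Constructed policy: one account name is treated as privileged. */
    return name != NULL && strcmp(name, "Administrator") == 0;
}
#define USER_IS_ROOT(name, uid) demo_user_is_root(name)

/* --- generic code: default applies only when no platform override exists --- */
#ifndef USER_IS_ROOT
#define USER_IS_ROOT(name, uid) ((uid) == 0)
#endif

#define FIRST_UNPRIVILEGED_PORT 1024

/* Returns 1 if the user may set up a forward on `port`, 0 otherwise. */
static int forward_allowed(const char *name, unsigned int uid, int port)
{
    (void)uid; /* unused when the platform override ignores the uid */
    if (port <= 0 || port > 65535)
        return 0; /* reject out-of-range ports */
    if (port < FIRST_UNPRIVILEGED_PORT)
        return USER_IS_ROOT(name, uid) ? 1 : 0;
    return 1;
}

int main(void)
{
    /* Unprivileged port: allowed for any user. */
    return forward_allowed("guest", 500, 8080) ? 0 : 1;
}
```

Deleting the platform section makes the `#ifndef` default take over, so the same call sites fall back to the uid == 0 test without being edited.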




