[ITP] libsuexec 1.0
This is not an existing package, but a spin-off project from porting Sendmail and
Procmail to Cygwin. These programs, as you may or may not know, rely heavily on the
setuid mechanism (impersonating as another user).
More formally, this is called 'running as an unprivileged user' in Linux and
'privilege separation' in OpenBSD. In Cygwin, this mechanism is already implemented
in the ssh daemon.
Sendmail takes this idea to the extreme. It starts up as the root user and waits for
connections. On connection, it starts the 'queue runner' program as an unprivileged
user called 'smmsp', which handles the conversation with the remote e-mail client.
If the incoming e-mail has to be delivered locally (stored on disk), the queue
runner starts the procmail program, which in turn switches to the actual user the
e-mail is meant for and stores it in the user's inbox.
So, for instance sending an e-mail to myself involves switching through three users:
root -> smmsp -> daniel
Up to WinXP and Win2002, porting source code for Cygwin which performed this
switching of users, wasn't a big problem.
In Windows, it is the 'SYSTEM' user which starts up most services, thus in effect
acting as the Unix 'root' user. The difference is that SYSTEM has uid '18', while
root has uid '0' in Unix.
So, if porting from Unix to Cygwin one could just look for all occurances of uid '0'