What options do I have on MS Windows platforms for the equivalent of SUID from Unix-based platforms?
To understand what I'm asking, it's important to distinguish from among the several uses of SUID in Unix.
I have a project that uses an executable in the user's PATH which is owned by the project and which has the SUID bit set. In this way, when it runs, it runs in the context of the file's owner, not the calling user. This way, it has access to things that the user does not, and thereby these things are protected from the user by normal file system protections. This works reasonably well. Plans are to move the project to a client-server architecture but that's going to take some time. In the meantime, how can I replicate this type of behavior on Windows systems?
Note that the project's executables do not call the SETUID library call though, frankly, that would be a great feature to add, in my opinion, given what the project does. The project does not need system root privileges. Its first security concern is that it needs to protect its own files from the user (which is simply any user other than the file owner) and it would be very nice if it had the ability to switch to "user context" to access the file system as if it were the calling user. (In this way, it could more easily determine what is OK for the project to touch and what is not.)
The project is written in a combination of C and Java - a C program with SUID set calls the Java code...
I am keen to know all such mechanisms, and am especially focused on those which are:
- Suitable for C and Java, and;
- Easy to implement for non-Windows programmers, and;
- Require minimal coding unique to Windows.
If some solutions are superior, please share your thoughts on whatever you are aware of in this regard.
NOTES:
- LogonUser: Requires a password in plain text. How can that be an answer?
- RunAs: Requires password be entered at PROMPT! ...As with LogonUser only worse; I don't see how this is an answer.
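The Unix-side pattern the question describes (a set-user-ID program that switches to the calling user's context for file access), as an added example that is not part of the original post or the project's code; `open_as_caller` is a hypothetical helper name. It is POSIX-only and shows the behaviour a Windows port would have to reproduce, not a Windows solution.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* declares seteuid()/setegid() */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: open `path` with the permissions of the user who
 * invoked the program rather than those of the SUID file owner.
 * Returns a file descriptor, -1 if the caller may not open the file, or
 * -2 if an identity switch failed (callers should treat -2 as fatal). */
int open_as_caller(const char *path, int flags)
{
    uid_t owner_uid = geteuid();  /* project owner when the SUID bit is set */
    gid_t owner_gid = getegid();

    /* Drop the group first, then the user. */
    if (setegid(getgid()) != 0)
        return -2;
    if (seteuid(getuid()) != 0) {
        (void)setegid(owner_gid);
        return -2;
    }

    /* The kernel now checks access against the calling user. */
    int fd = open(path, flags);

    /* Regain the owner's identity (kept as the saved set-user-ID),
     * user first, then group. Never carry on if this fails. */
    if (seteuid(owner_uid) != 0 || setegid(owner_gid) != 0) {
        if (fd >= 0)
            close(fd);
        return -2;
    }
    return fd;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/dev/null";
    int fd = open_as_caller(path, O_RDONLY);
    printf("open_as_caller(%s) -> %d (euid is still %ld)\n",
           path, fd, (long)geteuid());
    if (fd >= 0)
        close(fd);
    return fd == -2;
}
```
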
Comments (2)
Cygwin has an excellent discussion on how they do this without requiring the user password here: Using Windows security in Cygwin
Basically they install a custom LSA authentication package that provides security tokens without requiring a password. As a fallback, when the authentication package is not installed, they use the undocumented NtCreateToken API.
An application wanting to impersonate could make a cygwin setuid call before calling java.
I don't think there's an equivalent of SETUID in Windows, but you can launch a process as another user. If you are using C, there are really only two major Windows-specific functions you'll need to look into:
- LogonUser
- CreateProcessAsUser
The docs for those functions are pretty good, so it shouldn't be that huge of a challenge. Basically, you'll use LogonUser to impersonate the user, then CreateProcessAsUser to launch the JVM as that user.
You could also look at the RUNAS command, but I'm not sure if that would meet your needs or not.