Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sources.redhat.com/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Date:	Tue, 14 Jan 2003 10:07:10 +0100
From:	Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To:	cygwin AT cygwin DOT com
Subject:	Re: current state of credential hopping?
Message-ID:	<20030114090710.GC1373@cygbert.vinschen.de>
Reply-To:	cygwin AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
References:	<Pine DOT LNX DOT 4 DOT 33 DOT 0301131746310 DOT 32485-100000 AT denzel DOT in> <Pine DOT GSO DOT 4 DOT 44 DOT 0301132151450 DOT 10883-100000 AT slinky DOT cs DOT nyu DOT edu>
Mime-Version:	1.0
In-Reply-To:	<Pine.GSO.4.44.0301132151450.10883-100000@slinky.cs.nyu.edu>
User-Agent:	Mutt/1.4i

On Mon, Jan 13, 2003 at 10:16:57PM -0500, Igor Pechtchanski wrote:
> Technically, nothing prevents an administrator on a machine from giving
> this permission (called, I *think*, 'Create a token object') to a user
> other than LocalSystem, which will then allow that user to run 'login'
> successfully.  It is impractical from a security standpoint, however, to
> give this permission to all users.

Giving it even to one single user is a wide open security hole.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin AT cygwin DOT com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -