Mail Archives: cygwin/2003/10/17/09:44:41

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2003/10/17/09:44:41

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sources.redhat.com/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Date: Fri, 17 Oct 2003 16:52:34 +0300

From: Baurjan Ismagulov <ibr AT ata DOT cs DOT hun DOT edu DOT tr>

To: cygwin AT sources DOT redhat DOT com

Subject: Re: setreuid

Message-ID: <20031017135231.GA12904@ata.cs.hacettepe.edu.tr>

Mail-Followup-To: cygwin AT sources DOT redhat DOT com

References: <20031015105210 DOT GF18774 AT ata DOT cs DOT hacettepe DOT edu DOT tr> <20031016103723 DOT GA5542 AT ata DOT cs DOT hacettepe DOT edu DOT tr> <20031016125317 DOT GB5542 AT ata DOT cs DOT hacettepe DOT edu DOT tr> <20031016142337 DOT GC5542 AT ata DOT cs DOT hacettepe DOT edu DOT tr>

Mime-Version: 1.0

In-Reply-To: <20031016142337.GC5542@ata.cs.hacettepe.edu.tr>

User-Agent: Mutt/1.5.4i

Hello, Corinna.

On Thu, Oct 16, 2003 at 15:50:59, Corinna Vinschen wrote:
> > This works if I grant "Erstellen eines Tokenobjekts" to ZAISAN\ibr. What
> > is going on?
> That's correct.  Did you read http://cygwin.com/cygwin-ug-net/ntsec.html?

The problem is not to read, the problem is to understand :) . I had
thought that the first three privileges were enough to change user with
setreuid alone without a password.

> Btw., if you're planning to use that account as logon account, don't
> give these rights to that account.  That's very dangerous.

Because of possible privilege escalation, or are there any other
implications?

> Start a
> service under system account as inetd and let it handle the user context
> switch.

Thanks for the tip, I'll do so.

With kind regards,
Baurjan.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sources.redhat.com/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Date:	Fri, 17 Oct 2003 16:52:34 +0300
From:	Baurjan Ismagulov <ibr AT ata DOT cs DOT hun DOT edu DOT tr>
To:	cygwin AT sources DOT redhat DOT com
Subject:	Re: setreuid
Message-ID:	<20031017135231.GA12904@ata.cs.hacettepe.edu.tr>
Mail-Followup-To:	cygwin AT sources DOT redhat DOT com
References:	<20031015105210 DOT GF18774 AT ata DOT cs DOT hacettepe DOT edu DOT tr> <20031016103723 DOT GA5542 AT ata DOT cs DOT hacettepe DOT edu DOT tr> <20031016125317 DOT GB5542 AT ata DOT cs DOT hacettepe DOT edu DOT tr> <20031016142337 DOT GC5542 AT ata DOT cs DOT hacettepe DOT edu DOT tr>
Mime-Version:	1.0
In-Reply-To:	<20031016142337.GC5542@ata.cs.hacettepe.edu.tr>
User-Agent:	Mutt/1.5.4i