Mail Archives: cygwin/2006/03/01/17:06:28

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2006/03/01/17:06:28

X-Spam-Check-By: sourceware.org

Message-ID: <44061AD0.7010005@t-online.de>

Date: Wed, 01 Mar 2006 23:06:08 +0100

From: Christian Franke <Christian DOT Franke AT t-online DOT de>

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060130 SeaMonkey/1.0

MIME-Version: 1.0

To: cygwin AT cygwin DOT com

Subject: Re: No effect of SE_BACKUP_NAME privilege on cygwin?

References: <4405F5F9 DOT 8010708 AT t-online DOT de> <20060301205536 DOT GA11552 AT calimero DOT vinschen DOT de>

In-Reply-To: <20060301205536.GA11552@calimero.vinschen.de>

X-ID: E68GRBZHgeD3iNSlx0d0COHlH4hLgIFpNqqNShSDkyfqEA7sLK7TsO

X-TOI-MSGID: aadca835-2049-45ba-8d68-0a04b79c0bc4

X-IsSubscribed: yes

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Corinna Vinschen wrote:
> On Mar  1 20:28, Christian Franke wrote:
>   
>> Enabling SE_BACKUP_NAME has no effect for cygwin programs.
>>     
>
> You're expecting that you can use Windows functions in a POSIX
> application without disturbing the way Cygwin works.  That's a bit
> dangerous.

Agree.

(I tried to add a "regtool save ..." action to allow backup of registry 
hives from scripts.
This calls RegSaveKey which needs SE_BACKUP_NAME.)


>   A Cygwin application's main thread is not running under the
> process token, but under a derived impersonation token.  This is true
> for every thread in Cygwin.  So, instead of using OpenProcessToken, you
> should be able to accomplish what you want by calling OpenThreadToken.
>   

Yes, it works, thanks!

Already tried this before but gave up too early, because it didn't work 
in the non-cygwin version ;-)
I didn't realize that the main thread has no token by default...


> However, I'm wondering if a Cygwin application should always try by
> itself to request the SE_BACKUP_NAME privilege.  It would simplify file
> access for all privileged processes.  Hmm.
>   

Sounds reasonable.
SE_RESTORE_NAME is requested somewhere in the code, but not SE_BACKUP_NAME.

Christian


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Spam-Check-By:	sourceware.org
Message-ID:	<44061AD0.7010005@t-online.de>
Date:	Wed, 01 Mar 2006 23:06:08 +0100
From:	Christian Franke <Christian DOT Franke AT t-online DOT de>
User-Agent:	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060130 SeaMonkey/1.0
MIME-Version:	1.0
To:	cygwin AT cygwin DOT com
Subject:	Re: No effect of SE_BACKUP_NAME privilege on cygwin?
References:	<4405F5F9 DOT 8010708 AT t-online DOT de> <20060301205536 DOT GA11552 AT calimero DOT vinschen DOT de>
In-Reply-To:	<20060301205536.GA11552@calimero.vinschen.de>
X-ID:	E68GRBZHgeD3iNSlx0d0COHlH4hLgIFpNqqNShSDkyfqEA7sLK7TsO
X-TOI-MSGID:	aadca835-2049-45ba-8d68-0a04b79c0bc4
X-IsSubscribed:	yes
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com