| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| X-SWARE-Spam-Status: | No, hits=-3.5 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS,SPF_PASS |
| X-Spam-Check-By: | sourceware.org |
| To: | cygwin AT cygwin DOT com |
| From: | Eric Blake <ebb9 AT byu DOT net> |
| Subject: | Re: I'd like to have an unreadable file |
| Date: | Thu, 30 Apr 2009 22:19:22 +0000 (UTC) |
| Lines: | 31 |
| Message-ID: | <loom.20090430T221044-650@post.gmane.org> |
| References: | <Pine DOT NEB DOT 4 DOT 64 DOT 0904301620510 DOT 20542 AT panix2 DOT panix DOT com> <49FA1C44 DOT 6020007 AT cygwin DOT com> <Pine DOT NEB DOT 4 DOT 64 DOT 0904301702540 DOT 11538 AT panix2 DOT panix DOT com> |
| Mime-Version: | 1.0 |
| User-Agent: | Loom/3.14 (http://gmane.org/) |
| X-IsSubscribed: | yes |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
Tim McDaniel <tmcd <at> panix.com> writes: > > On Thu, 30 Apr 2009, Larry Hall wrote: > > It's a known fact that Cygwin allows users that are members of the > > Adminstrators group access to any file, regardless of its > > permissions. > > Thank you for the quick reply. (Though I find it scary that Cygwin > can escalate privileges so very much.) Cygwin is not escalating privileges. Rather, what is scary is that Windows provides that many privilges to administrators in the first place (in the case of reading a file with no explicit read permissions, it is the read-with-intent- to-backup privilege that lets you in). It's just that most Windows apps don't exploit those privileges as readily as cygwin. Now think of how many users run with administrator privileges by default (much higher than the number of people who run Unix with root priviliges by default). No wonder virus writes like Windows. > > I guess the workaround would be to simply test the script by running > as a user who is not in the Administrators group. Yes - if you want to avoid superuser privileges, then don't log in as a superuser. -- Eric Blake -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |