X-Recipient:	archive-cygwin AT delorie DOT com
X-Spam-Check-By:	sourceware.org
Date:	Mon, 4 May 2009 11:53:22 +0200
From:	Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To:	cygwin AT cygwin DOT com
Subject:	Re: I'd like to have an unreadable file
Message-ID:	<20090504095322.GG21324@calimero.vinschen.de>
Reply-To:	cygwin AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
References:	<Pine DOT NEB DOT 4 DOT 64 DOT 0904301620510 DOT 20542 AT panix2 DOT panix DOT com> <49FA1C44 DOT 6020007 AT cygwin DOT com> <Pine DOT NEB DOT 4 DOT 64 DOT 0904301702540 DOT 11538 AT panix2 DOT panix DOT com> <loom DOT 20090430T221044-650 AT post DOT gmane DOT org>
MIME-Version:	1.0
In-Reply-To:	<loom.20090430T221044-650@post.gmane.org>
User-Agent:	Mutt/1.5.19 (2009-02-20)
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Unsubscribe:	<mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com

On Apr 30 22:19, Eric Blake wrote:
> Tim McDaniel <tmcd <at> panix.com> writes:
> > Thank you for the quick reply.  (Though I find it scary that Cygwin
> > can escalate privileges so very much.)
> 
> Cygwin is not escalating privileges.  Rather, what is scary is that
> Windows provides that many privilges to administrators in the first
> place (in the case of reading a file with no explicit read
> permissions, it is the read-with-intent- to-backup privilege that lets
> you in).  It's just that most Windows apps don't exploit those
> privileges as readily as cygwin.  Now think of how many users run with
> administrator privileges by default (much higher than the number of
> people who run Unix with root priviliges by default).  No wonder virus
> writes like Windows.

I'm not scared by the fact that Administrators have this rights.  After
all, the root user on Linux has all these rights as well and there has
to be an account with these rights.  The underlying problem is that with
Windows XP Microsoft missed to move the users to the more secure model
of running as unprivileged user all the time(*), and only use the "run
as admin" facility if it's really necessary.

That's why UAC has been added to Vista.  It's trying to add the
additional security which has been accidentally dropped in XP.  UAC was
IMHO not the right way to do it, since it's reverting to a more secure
user model by adding a lot of fragile complexity to the system, which
will constantly puzzle users, but at least the security is better now.


Corinna


(*) So as not to alienate former Windows 95/98/Me users.

> > I guess the workaround would be to simply test the script by running
> > as a user who is not in the Administrators group.
> 
> Yes - if you want to avoid superuser privileges, then don't log in as a 
> superuser.

Good idea :)


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -