Mail Archives: cygwin/2010/04/26/15:35:07

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2010/04/26/15:35:07

X-Recipient: archive-cygwin AT delorie DOT com

X-SWARE-Spam-Status: No, hits=-1.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SARE_MSGID_LONG45,T_TO_NO_BRKTS_FREEMAIL

X-Spam-Check-By: sourceware.org

MIME-Version: 1.0

Date: Mon, 26 Apr 2010 15:34:54 -0400

Message-ID: <g2w9bdf03d21004261234qb993397y3afa2e9c60bca60c@mail.gmail.com>

Subject: Filtered tokens

From: Patrick Julien <pjulien AT gmail DOT com>

To: cygwin AT cygwin DOT com

X-IsSubscribed: yes

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

I have read the page found at
http://www.cygwin.com/cygwin-ug-net/ntsec.html but I still see the
following 2 issues with filtered tokens as implemented by Vista/7 when
used by cygwin.

When I say filtered tokens, I'm talking about the dual token strategy
these systems use to keep administrators running under non admin
privileges most of the time.

1. When using ssh/sshd, the token assigned to a user on login is the
fully privileged one, not the filtered one, meaning the following
scenario is possible

$ >/1
-bash: /1: Permission denied

$ ssh localhost
Last login: Mon Apr 26 13:46:53 2010 from ::1

$ >/1

And it doesn't matter if I am using keys or a password to login.  I am
running under my "full privileged" token.  Setting the password using
"password -R" has no effect either.

My only work around for now it seems is to use a completely different
account for the administrator.

2. The second issue is that it seems that "setup.exe" always installs
the distribution under the account of the person who installed it in
the first place.  Again, if I am using a filtered administrator, this
means my user has full write access to the cygwin directory even when
I am only using my filtered token.  This is because I am the owner of
the entire installation tree.

I changed the owner of the directory from myself to "Administrator"
but I believe it would be beneficial to have setup.exe not count on
the token of the person executing it.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Recipient:	archive-cygwin AT delorie DOT com
X-SWARE-Spam-Status:	No, hits=-1.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SARE_MSGID_LONG45,T_TO_NO_BRKTS_FREEMAIL
X-Spam-Check-By:	sourceware.org
MIME-Version:	1.0
Date:	Mon, 26 Apr 2010 15:34:54 -0400
Message-ID:	<g2w9bdf03d21004261234qb993397y3afa2e9c60bca60c@mail.gmail.com>
Subject:	Filtered tokens
From:	Patrick Julien <pjulien AT gmail DOT com>
To:	cygwin AT cygwin DOT com
X-IsSubscribed:	yes
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com