On Oct 15 13:32, Andrew Schulman wrote:
> > On Oct 14 21:14, Corinna Vinschen wrote:
> > I applied a patch to CVS which should solve this problem in a generic
> > way. I observed how Windows handles the privileges when creating a
> > token and your scenario should be nicely covered now. I also dropped a
> > somewhat dangerous behaviour in terms of security when creating a token
> > from scratch.
>
> Thank you. I'll test the next snapshot and let you know how it goes.
>
> You said that Cygwin should only set the high mandatory level if the token
> contains certain privileges. So I guess that SeBackupPrivilege and
> SeRestorePrivilege are among the ones that trigger the high mandatory
> level? Anything more we should know about that?

By simply trying them out, I created a list of the privileges which
trigger the high integrity level requirement. See, for instance,
http://sourceware.org/cgi-bin/cvsweb.cgi/src/winsup/cygwin/sec_helper.cc.diff?r1=1.93&r2=1.94&cvsroot=src&f=h

For the security related change, see the second patch snippet in
http://sourceware.org/cgi-bin/cvsweb.cgi/src/winsup/cygwin/sec_auth.cc.diff?r1=1.41&r2=1.42&cvsroot=src&f=h

Corinna

--
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Copyright © 2019 by DJ Delorie | Updated Jul 2019 |