Mail Archives: cygwin/2013/06/02/04:57:22

X-Recipient: archive-cygwin AT delorie DOT com
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
X-Spam-SWARE-Status: No, score=-1.8 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.3.1
Date: Sun, 2 Jun 2013 10:56:55 +0200
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: Using native symlinks
Message-ID: <20130602085655.GB13934@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
References: <20130528185553 DOT GA31309 AT calimero DOT vinschen DOT de> <CAGHJv4fkvRt1gQfNTarHGUQWvdRxRsy=oAA=pjUQTLQFoNoW-g AT mail DOT gmail DOT com> <20130529083910 DOT GD31309 AT calimero DOT vinschen DOT de> <CAGHJv4cUbx_sMCwUgzTd3ZaXVgbfgPt1Fs7pOO4UtwZhFFj-uA AT mail DOT gmail DOT com> <20130529152339 DOT GB4471 AT calimero DOT vinschen DOT de> <CAGHJv4cKU_vHa7KddQ5dK_3dkj792A8X5Ps9njS_gBNEFWz63Q AT mail DOT gmail DOT com> <20130529170147 DOT GG4471 AT calimero DOT vinschen DOT de> <CAGHJv4cms9Cg=VA0bFsqK_MvY1fhYbgQA2iOWRKxA=O0Z1FL1A AT mail DOT gmail DOT com> <20130530090326 DOT GJ4471 AT calimero DOT vinschen DOT de> <51A753F8 DOT 90005 AT openafs DOT org>
MIME-Version: 1.0
In-Reply-To: <51A753F8.90005@openafs.org>
User-Agent: Mutt/1.5.21 (2010-09-15)

On May 30 09:28, Jeffrey Altman wrote:
> On 5/30/2013 5:03 AM, Corinna Vinschen wrote:
> 
> > On the other hand, in the same situation the UAC-crippled admin's token
> > does not contain the "Create symbolic links" right:
> > 
> >   $ /cygdrive/c/Windows/System32/whoami /priv
> > 
> >   PRIVILEGES INFORMATION
> >   ----------------------
> > 
> >   Privilege Name                Description                          State
> >   ============================= ==================================== ========
> >   SeShutdownPrivilege           Shut down the system                 Disabled
> >   SeChangeNotifyPrivilege       Bypass traverse checking             Enabled
> >   SeUndockPrivilege             Remove computer from docking station Disabled
> >   SeIncreaseWorkingSetPrivilege Increase a process working set       Disabled
> >   SeTimeZonePrivilege           Change the time zone                 Disabled
> > 
> > I also changed the "Create symbolic links" policy so that the "Users"
> > group is the only group getting this right.  In other words, I removed
> > the "Administrators" group entirely, logged off, logged on, and the
> > result was the same as above.
> > 
> > This is a bug in UAC if you ask me.  It seems to remove privileges from
> > the UAC-crippled admin's token based on a fixed internal list, totally
> > ignorant of changes in the security policy.
> 
> This is a design flaw but it is working as documented.  Administrators have
> SeCreateSymbolicLinkPrivilege by default so UAC removes it.  What UAC should
> do in my opinion is not remove a static list of permissions but only
> remove those permissions that are not granted to standard users.

ACK.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
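
Added example, not part of the original message or of Cygwin: a Python parser for `whoami /priv` output like the table quoted above, reporting whether SeCreateSymbolicLinkPrivilege is absent from the token (stripped, as in the thread) or present but merely disabled. The function names and the second sample are constructed for illustration.

```python
import re

# Constructed sample: the `whoami /priv` table quoted in the message above
# (token of the UAC-restricted administrator).
FILTERED_TOKEN = """\
PRIVILEGES INFORMATION
----------------------

Privilege Name                Description                          State
============================= ==================================== ========
SeShutdownPrivilege           Shut down the system                 Disabled
SeChangeNotifyPrivilege       Bypass traverse checking             Enabled
SeUndockPrivilege             Remove computer from docking station Disabled
SeIncreaseWorkingSetPrivilege Increase a process working set       Disabled
SeTimeZonePrivilege           Change the time zone                 Disabled
"""

# Constructed sample: the same table plus one row, as it would look if the
# privilege were held by the token but not yet enabled.
WITH_SYMLINK = FILTERED_TOKEN + (
    f"{'SeCreateSymbolicLinkPrivilege':<29} {'Create symbolic links':<36} Disabled\n"
)

def parse_privileges(text):
    """Return {privilege name: state} from `whoami /priv` table output."""
    lines = text.splitlines()
    # The ruler made of '=' runs marks the start of the table body; using it
    # instead of the header text keeps the parser independent of UI language.
    for i, line in enumerate(lines):
        if re.fullmatch(r"=+(\s+=+)+", line.strip()):
            break
    else:
        raise ValueError("no whoami /priv table found")
    privs = {}
    for row in lines[i + 1:]:
        fields = row.split()
        if len(fields) >= 2:
            # First field is the privilege name, last field is its state.
            privs[fields[0]] = fields[-1]
    return privs

def symlink_right(text):
    """'absent' means the privilege is not in the token at all; 'Disabled'
    means the token holds it and a process can still enable it."""
    return parse_privileges(text).get("SeCreateSymbolicLinkPrivilege", "absent")

if __name__ == "__main__":
    print("filtered token:", symlink_right(FILTERED_TOKEN))
    print("with privilege:", symlink_right(WITH_SYMLINK))
```
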

  Copyright © 2019   by DJ Delorie     Updated Jul 2019