Mailing-List:	contact cygwin-developers-help AT cygwin DOT com; run by ezmlm
List-Subscribe:	<mailto:cygwin-developers-subscribe AT cygwin DOT com>
List-Archive:	<http://sources.redhat.com/ml/cygwin-developers/>
List-Post:	<mailto:cygwin-developers AT cygwin DOT com>
List-Help:	<mailto:cygwin-developers-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender:	cygwin-developers-owner AT cygwin DOT com
Delivered-To:	mailing list cygwin-developers AT cygwin DOT com
Message-ID:	<3DF50D30.AE8FA801@ieee.org>
Date:	Mon, 09 Dec 2002 16:37:52 -0500
From:	"Pierre A. Humblet" <Pierre DOT Humblet AT ieee DOT org>
X-Accept-Language:	en,pdf
MIME-Version:	1.0
To:	Hartmut Honisch <hartmut_honisch AT web DOT de>
CC:	cygwin-developers AT cygwin DOT com
Subject:	Re: Subauthentication
References:	<NFBBLLCAILKHOEOHEFMHKEOOCDAA DOT hartmut_honisch AT web DOT de>

Hartmut Honisch wrote:

> I've mainly been testing with ssh and public key authentication. The sshd is
> installed as Windows service, running under the LocalSystem account. When I
> use an ssh client (and public key authentication) to connect to the sshd as
> "MyUser", the session should run in the security context "MyUser". Howerver,
> all calls to Windows' GetUserName() or similar functions always return the
> LocalSystem account. 

Correct, Windows has this very annoying feature where you can't find your own
name when you are impersonated. However Cygwin goes to great lengths to set 
USERNAME correctly.

> Therefore, I effectively have the permissons of
> LocalSystem when accessing secured objects on the target system. This is no
> good.

Don't worry, the access token only has your groups and privileges.
Besides the incorrect name, is there any indication that you have gained
any unusual powers? 

Pierre

- Raw text -