Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Delivered-To: mailing list cygwin@cygwin.com Date: Tue, 14 Jan 2003 10:07:10 +0100 From: Corinna Vinschen To: cygwin@cygwin.com Subject: Re: current state of credential hopping? Message-ID: <20030114090710.GC1373@cygbert.vinschen.de> Reply-To: cygwin@cygwin.com Mail-Followup-To: cygwin@cygwin.com References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4i On Mon, Jan 13, 2003 at 10:16:57PM -0500, Igor Pechtchanski wrote: > Technically, nothing prevents an administrator on a machine from giving > this permission (called, I *think*, 'Create a token object') to a user > other than LocalSystem, which will then allow that user to run 'login' > successfully. It is impractical from a security standpoint, however, to > give this permission to all users. Giving it even to one single user is a wide open security hole. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Developer mailto:cygwin@cygwin.com Red Hat, Inc. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/