X-Spam-Check-By: sourceware.org Date: Thu, 2 Mar 2006 00:15:14 +0100 From: Corinna Vinschen To: cygwin@cygwin.com Subject: Re: No effect of SE_BACKUP_NAME privilege on cygwin? Message-ID: <20060301231514.GY3184@calimero.vinschen.de> Reply-To: cygwin@cygwin.com Mail-Followup-To: cygwin@cygwin.com References: <4405F5F9.8010708@t-online.de> <20060301205536.GA11552@calimero.vinschen.de> <44061AD0.7010005@t-online.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <44061AD0.7010005@t-online.de> User-Agent: Mutt/1.4.2i Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Delivered-To: mailing list cygwin@cygwin.com On Mar 1 23:06, Christian Franke wrote: > Corinna Vinschen wrote: > > A Cygwin application's main thread is not running under the > >process token, but under a derived impersonation token. This is true > >for every thread in Cygwin. So, instead of using OpenProcessToken, you > >should be able to accomplish what you want by calling OpenThreadToken. > > Yes, it works, thanks! > > Already tried this before but gave up too early, because it didn't work > in the non-cygwin version ;-) > I didn't realize that the main thread has no token by default... Yes, that's a bit irritating. > >However, I'm wondering if a Cygwin application should always try by > >itself to request the SE_BACKUP_NAME privilege. It would simplify file > >access for all privileged processes. Hmm. > > > > Sounds reasonable. > SE_RESTORE_NAME is requested somewhere in the code, but not SE_BACKUP_NAME. I've applied a patch. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader cygwin AT cygwin DOT com Red Hat -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/