Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com X-WM-Posted-At: avacado.atomice.net; Wed, 18 Sep 02 17:25:41 +0100 From: "Chris January" To: Subject: RE: supplement cygwin_logon_user with CreateProcessWithLogonW? Date: Wed, 18 Sep 2002 17:25:41 +0100 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal In-Reply-To: <20020916110611.B29920@cygbert.vinschen.de> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Importance: Normal > > CreateProcessWithLogonW (as opposed to the LogonUser / > CreateProcessAsUser) > > combination. This is because CreateProcessWithLogonW utilises the RunAs > > (2000)/SecondaryLogon (XP) service. Would it make sense to > modify Cygwin so > > this could be used in place of cygwin_logon_user if one so > wished? If so, > > I'll go about creating a patch. > > Hmm, how are you planning to do that? Which application do you have in > mind to use that functionality, su? su was the main one. > > Oh, btw., do you have a pointer to MS documentation which talks about > CreateProcessWithLogonW() utilizing RunAs? I have not found a word of > that in MSDN. Just curious. It's not documented - but Microsoft said this function used the RunAs service when the RunAs pipe authentication vulnerability was discovered. First hint: Function is in advapi32.lib, not kernel32.lib. Second hint: No extra priveleges required. There is also a CreateProcessWithTokenW available with .NET server. Chris -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/