Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Date: Tue, 14 Jan 2003 10:07:10 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: current state of credential hopping?
Message-ID: <20030114090710.GC1373@cygbert.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <Pine DOT LNX DOT 4 DOT 33 DOT 0301131746310 DOT 32485-100000 AT denzel DOT in> <Pine DOT GSO DOT 4 DOT 44 DOT 0301132151450 DOT 10883-100000 AT slinky DOT cs DOT nyu DOT edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <Pine.GSO.4.44.0301132151450.10883-100000@slinky.cs.nyu.edu>
User-Agent: Mutt/1.4i

On Mon, Jan 13, 2003 at 10:16:57PM -0500, Igor Pechtchanski wrote:
> Technically, nothing prevents an administrator on a machine from giving
> this permission (called, I *think*, 'Create a token object') to a user
> other than LocalSystem, which will then allow that user to run 'login'
> successfully.  It is impractical from a security standpoint, however, to
> give this permission to all users.

Giving it even to one single user is a wide open security hole.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin AT cygwin DOT com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/