X-Spam-Check-By: sourceware.org
Date: Thu, 2 Mar 2006 00:15:14 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: No effect of SE_BACKUP_NAME privilege on cygwin?
Message-ID: <20060301231514.GY3184@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <4405F5F9 DOT 8010708 AT t-online DOT de> <20060301205536 DOT GA11552 AT calimero DOT vinschen DOT de> <44061AD0 DOT 7010005 AT t-online DOT de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <44061AD0.7010005@t-online.de>
User-Agent: Mutt/1.4.2i
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

On Mar  1 23:06, Christian Franke wrote:
> Corinna Vinschen wrote:
> >  A Cygwin application's main thread is not running under the
> >process token, but under a derived impersonation token.  This is true
> >for every thread in Cygwin.  So, instead of using OpenProcessToken, you
> >should be able to accomplish what you want by calling OpenThreadToken.
> 
> Yes, it works, thanks!
> 
> Already tried this before but gave up too early, because it didn't work 
> in the non-cygwin version ;-)
> I didn't realize that the main thread has no token by default...

Yes, that's a bit irritating.

> >However, I'm wondering if a Cygwin application should always try by
> >itself to request the SE_BACKUP_NAME privilege.  It would simplify file
> >access for all privileged processes.  Hmm.
> >  
> 
> Sounds reasonable.
> SE_RESTORE_NAME is requested somewhere in the code, but not SE_BACKUP_NAME.

I've applied a patch.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/