X-Recipient: archive-cygwin AT delorie DOT com
X-Spam-Check-By: sourceware.org
Date: Mon, 21 Apr 2008 10:50:01 +0200
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: Vista + cygwin basics
Message-ID: <20080421085001.GR23852@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <4802CD4D DOT 2030805 AT cwilson DOT fastmail DOT fm> <480A3B4C DOT 2040205 AT cwilson DOT fastmail DOT fm> <480A4B67 DOT 7911174B AT dessent DOT net> <480BA842 DOT 6010609 AT cwilson DOT fastmail DOT fm> <480C43FC DOT 2FAA58C3 AT dessent DOT net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <480C43FC.2FAA58C3@dessent.net>
User-Agent: Mutt/1.5.16 (2007-06-09)
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

On Apr 21 00:36, Brian Dessent wrote:
> You can clear this all up with process explorer:
> 
> Unelevated bash shell:
> - user 'brian'
> - IL medium
> - session 1
> - shared memory area \Sessions\1\BaseNamedObjects\cygwin1S4.shared.4
> 
> Elevated bash shell
> - user 'brian'
> - IL high
> - session 1
> - shared memory area \BaseNamedObjects\cygwin1S4.shared.4
> 
> syslog-ng service
> - user 'NT AUTHORITY\SYSTEM'
> - IL System
> - session 0
> - shared memory area \BaseNamedObjects\cygwin1S4.shared.4
> 
> So as you can see, Cygwin tries to create its shared section in the
> global namespace, but doing this requires administrator privileges, so
> it can only do it if elevated (or UAC disabled.)  This explains I think
> everything that you saw.

Sorry Brian, but this has only marginally to do with integrity levels.
The real reason for this is the SeCreateGlobalPrivilege introduced with
Windows 2003.  Only administrative users hold this privilege by default,
as well as any process running in terminal server session 0.  Not having
this privile means, you are not allowed to create named shared memory in
the global namespace.  That means, the global shared memory used by
Cygwin can not be created by a non-admin user running in another session
than 0.  You can find more details about this privilege which, IMHO, is
obscurity rather than security, for instance here:
http://msdn2.microsoft.com/en-us/library/aa366537.aspx

Up to and including Windows 2003, all console users and all services are
running in TS session 0.  Beginning with Vista, even the console logon
is running in a session != 0 and only the services are running in
session 0.  With UAC enabled, an administrative user running a normal
shell is running it "non-elevated".  For an admin user that means, she
doesn't hold the SeCreateGlobalPrivilege privilege and the user token
contains the administrators group as "deny only".  An elevated shell
("run as administrator") contains the SeCreateGlobalPrivilege privilege.

However, that problem will be fixed in 1.7.0 by using something along
the lines of the Vista/Longhorn "Private Namespaces".  So, with 1.7.0
you will see all Cygwin processes again.  Unless, of course, Microsoft
decides to break my new solution with the next Windows version...


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/