Date: Sat, 15 Oct 2011 20:40:34 +0200
From: Corinna Vinschen
To: cygwin AT cygwin DOT com
Subject: Re: admin privileges when logging in by ssh?
Message-ID: <20111015184034.GE6680@calimero.vinschen.de>

On Oct 15 13:32, Andrew Schulman wrote:
> > On Oct 14 21:14, Corinna Vinschen wrote:
> > I applied a patch to CVS which should solve this problem in a generic
> > way. I observed how Windows handles the privileges when creating a
> > token and your scenario should be nicely covered now. I also dropped a
> > somewhat dangerous behaviour in terms of security when creating a token
> > from scratch.
>
> Thank you. I'll test the next snapshot and let you know how it goes.
>
> You said that Cygwin should only set the high mandatory level if the token
> contains certain privileges. So I guess that SeBackupPrivilege and
> SeRestorePrivilege are among the ones that trigger the high mandatory
> level? Anything more we should know about that?

By simply trying them out, I created a list of the privileges which
trigger the high integrity level requirement. See, for instance,
http://sourceware.org/cgi-bin/cvsweb.cgi/src/winsup/cygwin/sec_helper.cc.diff?r1=1.93&r2=1.94&cvsroot=src&f=h

For the security related change, see the second patch snippet in
http://sourceware.org/cgi-bin/cvsweb.cgi/src/winsup/cygwin/sec_auth.cc.diff?r1=1.41&r2=1.42&cvsroot=src&f=h


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat