X-Recipient: archive-cygwin AT delorie DOT com
X-SWARE-Spam-Status: No, hits=-1.8 required=5.0	tests=AWL,BAYES_00,RP_MATCHES_RCVD
X-Spam-Check-By: sourceware.org
To: cygwin AT cygwin DOT com
Subject: Re: admin privileges when logging in by ssh?
References: <rg0q679hpajl00ujv34jtmavsanhpb6n2t AT 4ax DOT com>	<fb5s67hrbvq8lej86nqjhfp0et01fc6lsf AT 4ax DOT com>	<20111004094440 DOT GB14728 AT calimero DOT vinschen DOT de>	<0s9m87drlejguq5s9u6njre69spr5sd8o6 AT 4ax DOT com>	<20111004175341 DOT GA14345 AT calimero DOT vinschen DOT de>	<kegg975khakim6gdffidaauof66b9ie828 AT 4ax DOT com>	<20111014182330 DOT GC22040 AT calimero DOT vinschen DOT de>	<20111014191451 DOT GD22040 AT calimero DOT vinschen DOT de>	<20111015171128 DOT GD6680 AT calimero DOT vinschen DOT de>	<dggj979qjincb7ji4lep0a5gkqnlvmupj7 AT 4ax DOT com>	<20111015184034 DOT GE6680 AT calimero DOT vinschen DOT de>
From: ht AT inf DOT ed DOT ac DOT uk (Henry S. Thompson)
Date: Sun, 16 Oct 2011 17:25:14 +0100
In-Reply-To: <20111015184034.GE6680@calimero.vinschen.de> (Corinna Vinschen's message of "Sat, 15 Oct 2011 20:40:34 +0200")
Message-ID: <f5bhb38kiol.fsf@calexico.inf.ed.ac.uk>
User-Agent: Gnus/5.1008 (Gnus v5.10.8) XEmacs/21.4.21 (linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Edinburgh-Scanned: at treacle.ucs.ed.ac.uk    with MIMEDefang 2.60, Sophie, Sophos Anti-Virus, Clam AntiVirus
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

Corinna Vinschen writes:

> . . .
> By simply trying them out, I created a list of the privileges which
> trigger the high integrity level requirement.  See, for instance,
> http://sourceware.org/cgi-bin/cvsweb.cgi/src/winsup/cygwin/sec_helper.cc.diff?r1=1.93&r2=1.94&cvsroot=src&f=h
> For the security related change, see the second patch snippet in
> http://sourceware.org/cgi-bin/cvsweb.cgi/src/winsup/cygwin/sec_auth.cc.diff?r1=1.41&r2=1.42&cvsroot=src&f=h

Dare I suggest (yet another) gold star for Corinna?  Who else would
dive right in to the relevant obscure part of Windows, figure out how
to reverse engineer the relevant bits, and produce a snapshot, on the
basis on one user request.  Hear hear!

ht
-- 
       Henry S. Thompson, School of Informatics, University of Edinburgh
      10 Crichton Street, Edinburgh EH8 9AB, SCOTLAND -- (44) 131 650-4440
                Fax: (44) 131 651-1426, e-mail: ht AT inf DOT ed DOT ac DOT uk
                       URL: http://www.ltg.ed.ac.uk/~ht/
 [mail from me _always_ has a .sig like this -- mail without it is forged spam]

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple