Date: Fri, 09 Jun 2017 13:37:40 +0200
From: Houder
To: cygwin AT cygwin DOT com
Subject: Re: Switching the user context -- SeAssignPrimaryTokenPrivilege required

On Fri, 9 Jun 2017 11:00:36, Corinna Vinschen wrote:

[snip]

> You're not supposed to do that. setuid() is a privileged call, so it's
> supposed to be called by a privileged process only. Do not add these
> permissions to a normal user account unless you exactly know what you're
> doing security-wise.

No, indeed, one is not supposed to do that (permanently assign this privilege
to a regular user account). Definitely. Absolutely ...

I only intended to demonstrate the essence (gist?) of the subparagraph:

    user context switch => CreateProcessAsUser()

Without the invocation of CreateProcessAsUser() there is no context switch.

Regards,
Henri
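A check that follows from the advice in this thread, as an added example that is not part of the original messages: shell functions that read `whoami /priv` output on stdin and report whether the token holds SeAssignPrimaryTokenPrivilege. The sample output is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Constructed sample of Windows `whoami /priv` output for a normal user
# account that was granted the privilege (illustrative values).
sample_with_priv() {
cat <<'EOF'

PRIVILEGES INFORMATION
----------------------

Privilege Name                Description                          State
============================= ==================================== ========
SeAssignPrimaryTokenPrivilege Replace a process level token        Disabled
SeShutdownPrivilege           Shut down the system                 Disabled
SeChangeNotifyPrivilege       Bypass traverse checking             Enabled
EOF
}

# Same constructed sample with the privilege row removed.
sample_without_priv() {
    sample_with_priv | grep -v '^SeAssignPrimaryTokenPrivilege '
}

# priv_state NAME: print "Enabled", "Disabled" or "absent" for NAME.
# Strips a trailing CR, since the Windows tool emits CRLF line endings.
priv_state() {
    awk -v name="$1" '
        $1 == name { state = $NF; sub(/\r$/, "", state); found = 1 }
        END { print (found ? state : "absent") }'
}

# audit_assign_primary_token: return 0 if the privilege is not on the token,
# 1 if it is. A Disabled privilege still counts as held: the process that
# owns the token can enable it with AdjustTokenPrivileges().
audit_assign_primary_token() {
    apt_state=$(priv_state SeAssignPrimaryTokenPrivilege)
    if [ "$apt_state" = "absent" ]; then
        echo "ok: SeAssignPrimaryTokenPrivilege not held"
        return 0
    fi
    echo "warning: SeAssignPrimaryTokenPrivilege held (state: $apt_state)"
    return 1
}

# Under Cygwin, use the Windows tool rather than the coreutils whoami:
#   "$(cygpath -S)/whoami.exe" /priv | audit_assign_primary_token
```
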