From: LRN
To: cygwin AT cygwin DOT com
Subject: Re: How to become root/root (0/0)
Date: Thu, 9 May 2019 17:53:00 +0300
Message-ID: <3e9407d5-9a47-c863-64a4-445b2fc04050@gmail.com>
References: <1529177562 DOT 20190509150945 AT yandex DOT ru>

On 09.05.2019 17:44, Bill Stewart wrote:
> On Thu, May 9, 2019 at 6:20 AM Andrey Repin wrote:
>
>> Again, there's simply no equivalent of "god user" from *NIX in Windows
>> permissions system.
>
> That's not really correct. An account that is a member of the
> Administrators local group (localized name can be different, SID is
> S-1-5-32-544) is a root/superuser equivalent.
>
> It is true that some objects have permissions that prevent Administrators
> from accessing them, but any member of Administrators can take
> ownership/change permissions/run as SYSTEM and access those objects.

IIRC, even Administrators can't run as SYSTEM. To run as SYSTEM, you need to
somehow coerce a process that runs as SYSTEM to do something for you. Usually
achieved by running a [temporary] service and having it do what you want to be
done.

Notably, SYSTEM (but not Administrator) can impersonate any other user without
needing a password (other users can only impersonate with a password - i.e.
they need to authenticate themselves). In that sense SYSTEM is the true root
(though there are other high-privilege accounts, such as Trusted Installer and
Local Service that might be able to do the same things).
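
Added example, not part of the original message: a defender's triage of the "[temporary] service" route to SYSTEM described above, run over Service Control Manager event 7045 ("A service was installed in the system") records. The sample records, the service names and the three heuristics are constructed assumptions for illustration.

```python
import ntpath
import re

# Constructed sample records shaped like the EventData of System-log event
# 7045; none of them come from a real host.
SAMPLE_EVENTS = [
    {"EventID": 7045, "ServiceName": "ExampleUpdater",
     "ImagePath": r'"C:\Program Files\Example\updater.exe" --service',
     "StartType": "auto start", "AccountName": "LocalSystem"},
    {"EventID": 7045, "ServiceName": "tmpsvc01",
     "ImagePath": r"C:\Windows\System32\cmd.exe /c C:\Users\bob\AppData\Local\Temp\job.cmd",
     "StartType": "demand start", "AccountName": "LocalSystem"},
    {"EventID": 7045, "ServiceName": "ExampleAgent",
     "ImagePath": r'"C:\Program Files\Example\agent.exe"',
     "StartType": "auto start", "AccountName": r"NT AUTHORITY\LocalService"},
    {"EventID": 7036, "ServiceName": "ExampleUpdater"},  # state change, ignored
]

SYSTEM_ACCOUNTS = {"localsystem", r"nt authority\system", ".\\localsystem"}
INTERPRETERS = {"cmd.exe", "powershell.exe", "pwsh.exe"}
USER_WRITABLE = re.compile(r"\\(users|programdata|windows\\temp)\\", re.I)


def executable_of(image_path):
    """Lower-cased file name of the binary the service command line launches."""
    # Quoted paths are taken whole; unquoted ones end at the first space.
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', image_path)
    return ntpath.basename(m.group(1) or m.group(2)).lower() if m else ""


def review_service_install(event):
    """Return reasons to look closer at a 7045 record, or [] if none apply."""
    if event.get("EventID") != 7045:
        return []
    if event.get("AccountName", "").lower() not in SYSTEM_ACCOUNTS:
        return []  # only services that will run as SYSTEM are of interest here
    image_path = event.get("ImagePath", "")
    reasons = []
    if event.get("StartType", "").lower() == "demand start":
        reasons.append("manual-start service running as SYSTEM")
    if executable_of(image_path) in INTERPRETERS:
        reasons.append("service binary is a command interpreter")
    if USER_WRITABLE.search(image_path):
        reasons.append("command line references a user-writable path")
    return reasons


def flagged(events):
    """Map service name -> reasons for every record that needs review."""
    return {e["ServiceName"]: r for e in events if (r := review_service_install(e))}
```

A service installed by a vendor as auto-start SYSTEM from Program Files passes untouched, so the output is a review queue rather than a verdict.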