X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:date:from:reply-to:message-id:to:subject :in-reply-to:references:mime-version:content-type :content-transfer-encoding; q=dns; s=default; b=cUkzSQWVcG8uRjBt 2Y1OLlJ9CKsc+Ycj9Mndh8miMuwlFJ9BLeSePoRmo2wTQDvq5DDEaR9vraGQCqSP 7d4O2rfdK5HEmOMfuTavXAuXeQuq29vDUkXne+Uc8Tyjt+EN9JrBtfwUD+B6stZn Ntgqp+OTCL73G7Q2Luy7nDH4Qgc= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:date:from:reply-to:message-id:to:subject :in-reply-to:references:mime-version:content-type :content-transfer-encoding; s=default; bh=gRurUFT/KbTinr3lkldzhd 4MSNI=; b=NUnkN2+kg1E5XNRXLtBP+wKYz/bHzWUOiJTeSgTb0bb7WGFlWI6Mj7 Th6tGURhw7X3Jvg/NwwvzqOdTTfEUsU8mOzD3iYAgFPn6AOYdK6E73B2VWUvHQq/ N1VoKsgIvOYg5E1PIfTGkBvAfDik4J8XpRJJB6Znuk/+4+xwMXUk0= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=2.0 required=5.0 tests=BAYES_50,FREEMAIL_FROM,KAM_THEBAT,RCVD_IN_DNSWL_LOW autolearn=no version=3.3.1 spammy=accounts, Administrator, H*M:yandex, Trusted X-HELO: forward104o.mail.yandex.net DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1557497101; bh=/NhRaP7w+9tkIyItt2FlNvlZGxsbi2+/XdJHasIr+ow=; h=In-Reply-To:Subject:To:Reply-To:From:Message-ID:References:Date; b=nF7TQ9kei5HulZ4ilj9tfTGGTCHBLKumw3FTYd7iO9Yw8lkCfPNZDngHhODSkQ8+R PWN+ggnSqL0IL7pWn8XHAY/2LxGiwzXSRn18twRti0XiW2k59bNwMLoOcP1WjV8S6M OguyC6W7TflJ0VH8WxNsdmIJlLTQtoThkQWlyLEk= Authentication-Results: mxback4j.mail.yandex.net; dkim=pass header.i=@yandex.ru Date: Fri, 10 May 2019 16:54:42 +0300 From: Andrey Repin Reply-To: cygwin AT cygwin DOT com Message-ID: <1146833447.20190510165442@yandex.ru> To: LRN , cygwin AT cygwin DOT com Subject: Re: How to become root/root (0/0) In-Reply-To: <3e9407d5-9a47-c863-64a4-445b2fc04050@gmail.com> References: <1529177562 DOT 20190509150945 AT yandex DOT ru> <3e9407d5-9a47-c863-64a4-445b2fc04050 AT gmail DOT com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-IsSubscribed: yes Greetings, LRN! >>> Again, there's simply no equivalent of "god user" from *NIX in Windows >>> permissions system. >> >> That's not really correct. An account that is a member of the >> Administrators local group (localized name can be different, SID is >> S-1-5-32-544) is a root/superuser equivalent. >> >> It is true that some objects have permissions that prevent Administrators >> from accessing them, but any member of Administrators can take >> ownership/change permissions/run as SYSTEM and access those objects. > IIRC, even Administrators can't run as SYSTEM. To run as SYSTEM, you need to > somehow coerce a process that runs as SYSTEM to do something for you. Usually > achieved by running a [temporary] service and having it do what you want to be > done. > Notably, SYSTEM (but not Administrator) can impersonate any other user without > needing a password Only locally. But then again, impersonation versus having an inherent god power. > (other users can only impersonate with a password - i.e. > they need to authenticate themselves). In that sense SYSTEM is the true root > (though there are other high-privilege accounts, such as Trusted Installer and > Local Service that might be able to do the same things). -- With best regards, Andrey Repin Friday, May 10, 2019 16:53:51 Sorry for my terrible english... -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple