This is the mail archive of the
cygwin-developers@cygwin.com
mailing list for the Cygwin project.
Re: Windows 2003
On Thu, Jul 10, 2003 at 08:43:54PM +0200, Corinna Vinschen wrote:
> On Thu, Jul 10, 2003 at 01:18:25PM -0400, Pierre A. Humblet wrote:
> > Corinna,
> >
> > judging from your recent post on the list you have new
> > info on the Create Token privilege of SYSTEM on 2003.
>
> That's info from a MS newsgroup. I've tested on a 2003 Server and it
> turns out that processes started from cygrunsrv under system account
> have no CreateToekn permission in their access token.
>
> > If I understand it correctly, the only way out is to
> > run under a new privileged account. Correct?
>
> When using NTCreateToken, I guess the answer is yes.
>
> > Should we introduce some means to determine if a
> > process can setuid, e.g. a new value for cygwin_internal(),
> > checking membership in Admins and having enough
> > privileges?
>
> Not yet. First it should work *at all*. I've created an account with
> all necessary rights including createtoken. I've checked that services
> started under that account still have createtoken in their access token.
> I've tried running sshd from the command line as well as as service.
> I couldn't start any application when switching user context using
> createtoken. The context switch is done and then CreateProcess fails
> with error 3: "The system cannot find the path specified." I've
> checked all permissions, I've set all permissions to 777, to no avail.
> I'm not able to start *any* application. This is most frustrating.
Sorry, I got that wrong: Even using password authentication the
CreateProcess(C:\cygwin\bin\bash.exe,...) fails. Urgh!
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:cygwin@cygwin.com
Red Hat, Inc.