This is the mail archive of the cygwin-patches mailing list for the Cygwin project.



Re: [Patch] Allow to disable root privileges with CYGWIN=noroot


Corinna Vinschen wrote:
> If you plan to run a Cygwin application with restricted rights from your
> administrative account, the IMHO right way would be to start the Cygwin
> application through another application which creates a *really*
> restricted user token using the Win32 function CreateRestrictedToken and
> then call cygwin_set_impersonation_token/execv to start the restricted
> process.  A Cygwin tool which accomplishes that would be much more
> useful and much more generic than this patch, IMHO.

I agree, let's forget the patch.

But I'm not sure how cygwin_set_impersonation_token() could be of any help here. This function sets user.external_token which is only used in seteuid32(). Setuid/seteuid() cannot be used because the restricted token is not related to another user id.

A quick test with native calls works for me:

 HANDLE t, rt;
 OpenProcessToken (GetCurrentProcess (), TOKEN_ALL_ACCESS, &t);
 CreateRestrictedToken (t, DISABLE_MAX_PRIVILEGE, 0, ..., 0, &rt);
 CreateProcessAsUser (rt, 0, "c:/cygwin/bin/mintty...", ...);

BTW: CreateRestrictedToken is apparently missing in /usr/include/w32api/*.h, but it is present in libadvapi32.a

Christian
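
The quick test above written out in full with error handling, as an added example that is not part of the original message or of Cygwin's own code. `launch_restricted` is a hypothetical helper name, the command line comes from argv instead of the truncated path in the message, and the `#else` branch exists only so the file also compiles off Windows.

```c
/* Added example: start a command under a privilege-stripped copy of our token. */
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#ifndef DISABLE_MAX_PRIVILEGE       /* flag value from winnt.h, for older headers */
#define DISABLE_MAX_PRIVILEGE 0x1
#endif

/* Returns 0 on success, otherwise the Win32 error code of the failing call.
   Assumes headers that declare CreateRestrictedToken. */
int launch_restricted(char *cmdline)
{
    HANDLE tok = NULL, rtok = NULL;
    STARTUPINFOA si = {0};
    PROCESS_INFORMATION pi;
    DWORD err = 0;

    si.cb = sizeof si;
    /* Same access mask as in the message. */
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &tok))
        return (int)GetLastError();
    /* No SIDs disabled, no restricting SIDs: only privileges are removed. */
    if (!CreateRestrictedToken(tok, DISABLE_MAX_PRIVILEGE,
                               0, NULL, 0, NULL, 0, NULL, &rtok))
        err = GetLastError();
    else if (!CreateProcessAsUserA(rtok, NULL, cmdline, NULL, NULL, FALSE,
                                   0, NULL, NULL, &si, &pi))
        err = GetLastError();
    else {
        CloseHandle(pi.hThread);
        CloseHandle(pi.hProcess);
    }
    if (rtok) CloseHandle(rtok);
    CloseHandle(tok);
    return (int)err;
}
#else
/* Not Windows: nothing to launch, report failure. */
int launch_restricted(char *cmdline) { (void)cmdline; return -1; }
#endif

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s \"command line\"\n", argv[0]); return 2; }
    int rc = launch_restricted(argv[1]);
    if (rc) fprintf(stderr, "launch failed, error %d\n", rc);
    return rc != 0;
}
```

Running `whoami /priv` in the child shows which privileges remain; the token still carries the same user and group SIDs, so file and registry ACLs are evaluated as before.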

