This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: current state of credential hopping?


On Mon, Jan 13, 2003 at 10:16:57PM -0500, Igor Pechtchanski wrote:
> Technically, nothing prevents an administrator on a machine from giving
> this permission (called, I *think*, 'Create a token object') to a user
> other than LocalSystem, which will then allow that user to run 'login'
> successfully.  It is impractical from a security standpoint, however, to
> give this permission to all users.

Giving it even to one single user is a wide open security hole.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]