This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Filtered tokens


OK, I understand why it's the privileged token but why is it still in session 0?

Also, it doesn't really explain why the files are all installed with
ownership set to me

On Tue, Apr 27, 2010 at 5:10 AM, Corinna Vinschen
<corinna-cygwin@cygwin.com> wrote:
> On Apr 26 15:34, Patrick Julien wrote:
>> I have read the page found at
>> http://www.cygwin.com/cygwin-ug-net/ntsec.html but I still see the
>> following 2 issues with filtered tokens as implemented by Vista/7 when
>> used by cygwin.
>>
>> When I say filtered tokens, I'm talking about the dual token strategy
>> these systems use to keep administrators running under non admin
>> privileges most of the time.
>
> You mean UAC.
>
>> 1. When using ssh/sshd, the token assigned to a user on login is the
>> fully privileged one.
>
> Deliberately. ?Otherwise you can't perform admin tasks from a remote
> session.
>
>> And it doesn't matter if I am using keys or a password to login. ?I am
>> running under my "full privileged" token. ?Setting the password using
>> "password -R" has no effect either.
>
> I would be surprised if it had. ?After all it's only a single account
> with a crippled and a full token. ?I'm surprised anybody wants the
> crippled token in a remote SSH session.
>
>
> Corinna
>
> --
> Corinna Vinschen ? ? ? ? ? ? ? ? ?Please, send mails regarding Cygwin to
> Cygwin Project Co-Leader ? ? ? ? ?cygwin AT cygwin DOT com
> Red Hat
>
> --
> Problem reports: ? ? ? http://cygwin.com/problems.html
> FAQ: ? ? ? ? ? ? ? ? ? http://cygwin.com/faq/
> Documentation: ? ? ? ? http://cygwin.com/docs.html
> Unsubscribe info: ? ? ?http://cygwin.com/ml/#unsubscribe-simple
>
>

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]