This is the mail archive of the cygwin-developers@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: About "messed up user permissions from w2k terminal session"


On Wed, Oct 08, 2003 at 09:20:28AM -0400, Pierre A. Humblet wrote:
> Corinna Vinschen wrote:
> > How do we implement 3?  A function for checking and setting privileges
> > exists.  We would have to tweak it slightly to allow to recognize the
> > case that a user right just doesn't exist on the system.
> > 
> > How do we test if the session is a TS session?  Does NT provide this
> > information somewhere? *dig, dig, dig*  Cool, yes, the function
> > GetSystemMetrics(SM_REMOTESESSION) returns TRUE if running in a remote
> > session.  It does not return TRUE if running under a service, I just
> > tested it.  So 3 should be doable.
> 
> Great. FWIW there is also another way. Users running under TS are in a
> special group, at least with Windows 2000 sp4
> 4 [TERMINAL SERVER USER] [NT AUTHORITY] SidTypeWellKnownGroup
> 11 S-1-5-13
> SE_GROUP_ENABLED, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_MANDATORY, 

Yep, that group exists also on XP so it will be very likely the same
on 03.  But... hmm, I'm just thinking what happens if somebody tweaks
her /etc/group file to be a member of that group.  Isn't using the
system metric more safe?  I mean, the group info is fakable, the system
metric isn't...

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]