Re: Request for help debugging screen problem

[Shaddy Baddah <helium at shaddybaddah dot name>]

Hi,

On 6/02/2010 1:14 PM, Corinna Vinschen wrote:
> On Feb  5 17:31, Corinna Vinschen wrote:
> > On Feb  5 15:58, Shaddy Baddah wrote:
> > > I thought it was common knowledge that logging in to an
> > > Administrtors grouped user in Vista or Windows 7 is not enough to
> > > defeat the (default) UAC, and you remain unelevated from a privilege
> > > standpoint. That is why I have no choice but to unlock the genuine
> > > Administrator (and rename it just in case).
> >
> > No, that's not quite correct.  If you call LogonUser (or the cyglsa sort
> > of password-less authentication) successfully, the system returns the
> > non-elevated token as well as the elevated token as a so-called linked
> > token.  In case of pubkey authentication, Cygwin refers to the elevated
> > token and uses that to switch the user context.  In case of password
> > authentication it does not do that so far.
>
> In CVS it does now.

That's fantastic. Works great (I mean in terms of elevation of 
privelege). I suspect this is going to please, or at least be noticed by 
a lot of users.

Before:

login as: shaddy
shaddy@***-vista's password:
Last login: Sun Feb  7 03:13:03 2010 from ***

shaddy@***-vista ~
$ id -a
uid=1000(shaddy) gid=513(None) groups=545(Users),513(None)

After:

login as: shaddy
shaddy@***-vista's password:
Last login: Sun Feb  7 03:20:40 2010 from ***

shaddy@***-vista ~
$ id -a
uid=1000(shaddy) gid=513(None) 
groups=544(Administrators),545(Users),513(None)

This means that the screen problem is resolved for Administrators. 
However, this does not change the situation for non-Administrators (ie. 
Users).

Now that I'm setup on CVS head, I'll be able to give you an answer 
shortly on the difference wrt cygserver.

Thanks,
Shaddy