This is the mail archive of the cygwin-patches mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [Patch] Allow to disable root privileges with CYGWIN=noroot


Corinna Vinschen wrote:
- On all older systems you shouldn't work as admin by default anyway,
especially not on Windows XP. And then, *if* you're running an admin
session, you usually want admin rights. What's the advantage of faking you don't have these rights?



*If* running an admin session, I expect (Windows) admin rights:
- Access restrictions from ACLs are effective.
- Further rights can be obtained if desired by
-- changing ACLs
-- disabling ACL check via backup/restore privileges (which unfortunately cannot be inherited to child processes).


This is not equivalent with (Unix) root rights, which means
- No access restrictions apply, period.

Of course this makes no difference for malware.
But it IMO makes a practical difference if an admin runs Cygwin apps.

The patch give the user the ability to run Cygwin with the default admin rights. These are also effective for explorer, cmd.exe and all other Windows apps which do not set backup/restore privileges.

Christian


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]