This is the mail archive of the cygwin-patches mailing list for the Cygwin project.
Re: [Patch] Allow to disable root privileges with CYGWIN=noroot
On Aug 29 23:33, Christian Franke wrote:
> Corinna Vinschen wrote:
>> - On all older systems you shouldn't work as admin by default anyway,
>> especially not on Windows XP. And then, *if* you're running an admin
>> session, you usually want admin rights. What's the advantage of
>> faking you don't have these rights?
>>
>>
>
> *If* running an admin session, I expect (Windows) admin rights:
> - Access restrictions from ACLs are effective.
> - Further rights can be obtained if desired by
> -- changing ACLs
> -- disabling ACL check via backup/restore privileges (which
> unfortunately cannot be inherited to child processes).
>
> This is not equivalent to (Unix) root rights, which means
> - No access restrictions apply, period.
>
> Of course this makes no difference for malware.
> But it IMO makes a practical difference if an admin runs Cygwin apps.
But *why*? What is the practical difference, except that you take away
rights from your Cygwin app which in turn has no POSIX way to re-enable
these rights? I don't see any real advantage.
If you plan to run a Cygwin application with restricted rights from your
administrative account, the IMHO right way would be to start the Cygwin
application through another application which creates a *really*
restricted user token using the Win32 function CreateRestrictedToken and
then call cygwin_set_impersonation_token/execv to start the restricted
process. A Cygwin tool which accomplishes that would be much more
useful and much more generic than this patch, IMHO.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader cygwin AT cygwin DOT com
Red Hat