Windows 2003

Corinna Vinschen
Thu Jul 10 18:46:00 GMT 2003

On Thu, Jul 10, 2003 at 08:43:54PM +0200, Corinna Vinschen wrote:
> On Thu, Jul 10, 2003 at 01:18:25PM -0400, Pierre A. Humblet wrote:
> > Corinna,
> > 
> > judging from your recent post on the list you have new 
> > info on the Create Token privilege of SYSTEM on 2003.
> That's info from a MS newsgroup.  I've tested on a 2003 Server and it
> turns out that processes started from cygrunsrv under system account
> have no CreateToekn permission in their access token.
> > If I understand it correctly, the only way out is to
> > run under a new privileged account. Correct?
> When using NTCreateToken, I guess the answer is yes.
> > Should we introduce some means to determine if a 
> > process can setuid, e.g. a new value for cygwin_internal(),
> > checking membership in Admins and having enough
> > privileges?
> Not yet.  First it should work *at all*.  I've created an account with
> all necessary rights including createtoken.  I've checked that services
> started under that account still have createtoken in their access token.
> I've tried running sshd from the command line as well as as service.
> I couldn't start any application when switching user context using
> createtoken.  The context switch is done and then CreateProcess fails
> with error 3: "The system cannot find the path specified."  I've
> checked all permissions, I've set all permissions to 777, to no avail.
> I'm not able to start *any* application.  This is most frustrating.

Sorry, I got that wrong:  Even using password authentication the
CreateProcess(C:\cygwin\bin\bash.exe,...) fails.  Urgh!


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                      
Red Hat, Inc.

More information about the Cygwin-developers mailing list