Windows 2003

Corinna Vinschen
Fri Jul 11 13:11:00 GMT 2003

On Fri, Jul 11, 2003 at 09:04:08AM -0400, Pierre A. Humblet wrote:
> Corinna Vinschen wrote:
> > 
> > > Also a piece of good news:
> > >
> > >
> > > Giving the Create Token privilege seems to work, at least on some
> > > 2003 systems.
> > 
> > I still don't trust that statement.  It's in pure contrast to the
> > given proof that SeCreateTokenPrivilege isn't in the token.  I'm
> > not convinced.  *If* he's right though, we would have to carefully
> > examine the differences in token creation since 1.3.1...
> OK, but he had created a new account with that privilege.

I didn't see that in the whole thread.  I asked about this stuff at
least twice.  He wrote he's running sshd under SYSTEM.

> Great, it looks like everything is OK. The privileged user
> probably also needs the new 2003 privilege SeImpersonatePrivilege.
> Can you check what happens when it's missing?

The privilege is given to all admins by default.  I'm somewhat
reluctant to remove it from the admins group.

> So we are back to my initial question: the privileged account won't
> have uid == ROOT_UID (18). Shouldn't Cygwin provide a method to
> determine if an account is privileged?
> One possibility is to use cygwin_internal(). I would have it return
> the current uid if it is privileged, and -1 if it isn't. That way
> porters could define a macro ROOT_UID = cygwin_internal(CW_ISPRIV)
> and keep the usual test getuid() == ROOT_UID.

Personally I'd better like to create a uid 0 account as in my example
given in the other mail I've send a few minutes ago.  It would make
porting more easy.


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                      
Red Hat, Inc.

More information about the Cygwin-developers mailing list