Request for help debugging screen problem

Shaddy Baddah helium@shaddybaddah.name
Sun Feb 7 09:10:00 GMT 2010


Hi,

On 6/02/2010 1:14 PM, Corinna Vinschen wrote:
> On Feb  5 17:31, Corinna Vinschen wrote:
>> On Feb  5 15:58, Shaddy Baddah wrote:
>>> I thought it was common knowledge that logging in to an
>>> Administrtors grouped user in Vista or Windows 7 is not enough to
>>> defeat the (default) UAC, and you remain unelevated from a privilege
>>> standpoint. That is why I have no choice but to unlock the genuine
>>> Administrator (and rename it just in case).
>>
>> No, that's not quite correct.  If you call LogonUser (or the cyglsa sort
>> of password-less authentication) successfully, the system returns the
>> non-elevated token as well as the elevated token as a so-called linked
>> token.  In case of pubkey authentication, Cygwin refers to the elevated
>> token and uses that to switch the user context.  In case of password
>> authentication it does not do that so far.
>
> In CVS it does now.

That's fantastic. Works great (I mean in terms of elevation of 
privelege). I suspect this is going to please, or at least be noticed by 
a lot of users.

Before:

login as: shaddy
shaddy@***-vista's password:
Last login: Sun Feb  7 03:13:03 2010 from ***

shaddy@***-vista ~
$ id -a
uid=1000(shaddy) gid=513(None) groups=545(Users),513(None)

After:

login as: shaddy
shaddy@***-vista's password:
Last login: Sun Feb  7 03:20:40 2010 from ***

shaddy@***-vista ~
$ id -a
uid=1000(shaddy) gid=513(None) 
groups=544(Administrators),545(Users),513(None)

This means that the screen problem is resolved for Administrators. 
However, this does not change the situation for non-Administrators (ie. 
Users).

Now that I'm setup on CVS head, I'll be able to give you an answer 
shortly on the difference wrt cygserver.

Thanks,
Shaddy



More information about the Cygwin-developers mailing list