[Patch] Allow to disable root privileges with CYGWIN=noroot
Sat Aug 29 21:34:00 GMT 2009
Corinna Vinschen wrote:
> - On all older systems you shouldn't work as admin by default anyway,
> especially not on Windows XP. And then, *if* you're running an admin
> session, you usually want admin rights. What's the advantage of
> faking you don't have these rights?
*If* running an admin session, I expect (Windows) admin rights:
- Access restrictions from ACLs are effective.
- Further rights can be obtained if desired by
-- changing ACLs
-- disabling ACL check via backup/restore privileges (which
unfortunately cannot be inherited to child processes).
This is not equivalent with (Unix) root rights, which means
- No access restrictions apply, period.
Of course this makes no difference for malware.
But it IMO makes a practical difference if an admin runs Cygwin apps.
The patch give the user the ability to run Cygwin with the default admin
rights. These are also effective for explorer, cmd.exe and all other
Windows apps which do not set backup/restore privileges.
More information about the Cygwin-patches