[Patch] Allow to disable root privileges with CYGWIN=noroot

Christian Franke Christian.Franke@t-online.de
Sat Aug 29 21:34:00 GMT 2009


Corinna Vinschen wrote:
> - On all older systems you shouldn't work as admin by default anyway,
>   especially not on Windows XP.  And then, *if* you're running an admin
>   session, you usually want admin rights.  What's the advantage of 
>   faking you don't have these rights?
>
>   

*If* running an admin session, I expect (Windows) admin rights:
- Access restrictions from ACLs are effective.
- Further rights can be obtained if desired by
-- changing ACLs
-- disabling ACL check via backup/restore privileges (which 
unfortunately cannot be inherited to child processes).

This is not equivalent with (Unix) root rights, which means
- No access restrictions apply, period.

Of course this makes no difference for malware.
But it IMO makes a practical difference if an admin runs Cygwin apps.

The patch give the user the ability to run Cygwin with the default admin 
rights. These are also effective for explorer, cmd.exe and all other 
Windows apps which do not set backup/restore privileges.

Christian



More information about the Cygwin-patches mailing list