[Patch] Allow to disable root privileges with CYGWIN=noroot

Corinna Vinschen corinna-cygwin@cygwin.com
Sun Aug 30 09:03:00 GMT 2009


On Aug 29 23:33, Christian Franke wrote:
> Corinna Vinschen wrote:
>> - On all older systems you shouldn't work as admin by default anyway,
>>   especially not on Windows XP.  And then, *if* you're running an admin
>>   session, you usually want admin rights.  What's the advantage of
>>   faking you don't have these rights?
>>
>
> *If* running an admin session, I expect (Windows) admin rights:
> - Access restrictions from ACLs are effective.
> - Further rights can be obtained if desired by
> -- changing ACLs
> -- disabling ACL check via backup/restore privileges (which
>    unfortunately cannot be inherited to child processes).
>
> This is not equivalent with (Unix) root rights, which means
> - No access restrictions apply, period.
>
> Of course this makes no difference for malware.
> But it IMO makes a practical difference if an admin runs Cygwin apps.

But *why*?  What is the practical difference, except that you take away
rights from your Cygwin app which in turn has no POSIX way to re-enable
these rights?  I don't see any real advantage.

If you plan to run a Cygwin application with restricted rights from your
administrative account, the IMHO right way would be to start the Cygwin
application through another application which creates a *really*
restricted user token using the Win32 function CreateRestrictedToken and
then calls cygwin_set_impersonation_token/execv to start the restricted
process.  A Cygwin tool which accomplishes that would be much more
useful and much more generic than this patch, IMHO.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat


