[Patch] Allow to disable root privileges with CYGWIN=noroot

Corinna Vinschen corinna-cygwin@cygwin.com
Tue Sep 1 18:32:00 GMT 2009


On Aug 30 21:38, Christian Franke wrote:
> Corinna Vinschen wrote:
>> If you plan to run a Cygwin application with restricted rights from your
>> administrative account, the IMHO right way would be to start the Cygwin
>> application through another application which creates a *really*
>> restricted user token using the Win32 function CreateRestrictedToken and
>> then calls cygwin_set_impersonation_token/execv to start the restricted
>> process.  A Cygwin tool which accomplishes that would be much more
>> useful and much more generic than this patch, IMHO.
>>
> I agree, let's forget the patch.
>
> But I'm not sure how cygwin_set_impersonation_token() could be of any  
> help here. This function sets user.external_token which is only used in  
> seteuid32(). Setuid/seteuid() cannot be used because the restricted  
> token is not related to another user id.

I had a quick look into the seteuid code and I see the problem.  I don't
see a quick way around it, unfortunately.  I'll have a deeper look into
it when I'm back from vacation.

> A quick test with native calls works for me:
>
>  HANDLE t, rt;
>  OpenProcessToken (GetCurrentProcess (), TOKEN_ALL_ACCESS, &t);
>  CreateRestrictedToken (t, DISABLE_MAX_PRIVILEGE, 0, ..., 0, &rt);
>  CreateProcessAsUser (rt, 0, "c:/cygwin/bin/mintty...", ...);

Cool.  Some stuff in the child won't work though since the entire
exec(2) magic is missing.

> BTW: CreateRestrictedToken is apparently missing in  
> /usr/include/w32api/*.h, but it is present in libadvapi32.a

PTC.  The w32api files always need a lot of work.  Microsoft adds 
stuff with every new OS release.  It's hard to stay on top.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat


