[Patch] Allow to disable root privileges with CYGWIN=noroot
Christian Franke
Christian.Franke@t-online.de
Sun Oct 4 19:08:00 GMT 2009
Hi Corinna,
Corinna Vinschen wrote:
> New patch attached. I made the test a bit more foolproof, hopefully.
> And a restricted token does not require to load the user's registry hive,
> nor should Cygwin try to enable the backup/restore permissions in the
> new token. That spoils the idea of a restricted token a bit...
> ...
>
>
Thanks!
> + bool request_restricted_uid_switch =
> + uid == myself->uid
> + && ( (cygheap->user.external_token != NO_IMPERSONATION
> + && IsTokenRestricted (cygheap->user.external_token))
> + || (cygheap->user.external_token == NO_IMPERSONATION
> + && cygheap->user.issetuid ()
> + && IsTokenRestricted (cygheap->user.curr_primary_token)));
>
Unfortunately this does not work for a typical use case: an admin
process creates a restricted token with standard user rights. The
function IsTokenRestricted() returns TRUE only if the token contains
'restricted SIDs'.
(http://msdn.microsoft.com/en-us/library/aa379137(VS.85).aspx)
Test with tokens returned by SaferComputeTokenFromLevel():
(http://msdn.microsoft.com/en-us/library/ms972827.aspx)
SAFER_LEVELID_NORMALUSER: IsTokenRestricted()=FALSE
SAFER_LEVELID_CONSTRAINED: IsTokenRestricted()=TRUE
SAFER_LEVELID_UNTRUSTED: IsTokenRestricted()=TRUE
BTW: Only NORMALUSER is works for Cygwin. Using DropMyRights.exe to
start of a Cygwin process with a CONTRAINED token results in:
5 [sig] true 3788 C:\cygwin-1.7\bin\true.exe:
*** fatal error - couldn't create signal pipe, Win32 error 5
There is apparently no function to check whether a token is a result of
CreateRestrictedToken() or SaferComputeTokenFromLevel().
Would'nt it be easier to add a new function
'cygwin_set_restricted_token(token)' instead of the test of the token type?
Christian
More information about the Cygwin-patches
mailing list