[Patch] Allow to disable root privileges with CYGWIN=noroot
Corinna Vinschen
corinna-cygwin@cygwin.com
Wed Oct 7 08:21:00 GMT 2009
On Oct 6 22:15, Christian Franke wrote:
> Corinna Vinschen wrote:
>> ...and maybe it's time to create a cygwin_internal call which replaces
>> cygwin_set_impersonation_token and deprecate cygwin_set_impersonation_token
>> in the long run. So, instead of the above we could have this call
>> taking a HANDLE and a BOOL value:
>>
>> cygwin_internal (CW_SET_EXTERNAL_TOKEN, token_handle, restricted?);
>>
>>
>
> OK.
>
> I have a very first experimental version which works for me. It also
> requires a new flag 'cygheap->user.is_restricted_token' to tell
> spawn_guts() to use CreateProcessAsUser().
>
> I will post the patch in a few days.
>
> A question:
>
> Why does seteuid32() call 'set_cygwin_privileges ()' on 'curr_imp_token'
> and not on 'curr_primary_token' ? The curr_primary_token is used for
> impersonation and therefore the privileges are not set for the thread
> itself.
Oops. Thanks for catching. I applied a patch.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader cygwin AT cygwin DOT com
Red Hat
More information about the Cygwin-patches
mailing list