Filtered tokens

[Patrick Julien]

I have read the page found at
http://www.cygwin.com/cygwin-ug-net/ntsec.html but I still see the
following 2 issues with filtered tokens as implemented by Vista/7 when
used by cygwin.

When I say filtered tokens, I'm talking about the dual token strategy
these systems use to keep administrators running under non admin
privileges most of the time.

1. When using ssh/sshd, the token assigned to a user on login is the
fully privileged one, not the filtered one, meaning the following
scenario is possible

$ >/1
-bash: /1: Permission denied

$ ssh localhost
Last login: Mon Apr 26 13:46:53 2010 from ::1

$ >/1

And it doesn't matter if I am using keys or a password to login.  I am
running under my "full privileged" token.  Setting the password using
"password -R" has no effect either.

My only work around for now it seems is to use a completely different
account for the administrator.

2. The second issue is that it seems that "setup.exe" always installs
the distribution under the account of the person who installed it in
the first place.  Again, if I am using a filtered administrator, this
means my user has full write access to the cygwin directory even when
I am only using my filtered token.  This is because I am the owner of
the entire installation tree.

I changed the owner of the directory from myself to "Administrator"
but I believe it would be beneficial to have setup.exe not count on
the token of the person executing it.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple