Using native symlinks
Corinna Vinschen
corinna-cygwin@cygwin.com
Sun Jun 2 08:56:00 GMT 2013
On May 30 09:28, Jeffrey Altman wrote:
> On 5/30/2013 5:03 AM, Corinna Vinschen wrote:
>
> > On the other hand, in the same situation the UAC-crippled admins's token
> > does not contain the "Create symbolic links" right:
> >
> > $ /cygdrive/c/Windows/System32/whoami /priv
> >
> > PRIVILEGES INFORMATION
> > ----------------------
> >
> > Privilege Name Description State
> > ============================= ==================================== ========
> > SeShutdownPrivilege Shut down the system Disabled
> > SeChangeNotifyPrivilege Bypass traverse checking Enabled
> > SeUndockPrivilege Remove computer from docking station Disabled
> > SeIncreaseWorkingSetPrivilege Increase a process working set Disabled
> > SeTimeZonePrivilege Change the time zone Disabled
> >
> > I also changed the "Create symbolic links" policy so that the "Users"
> > group is the only group getting this right. In other words, I removed
> > the "Administrators" group entirely, logged off, logged on, and the
> > result was the same as above.
> >
> > This is a bug in UAC if you ask me. It seems to remove privileges from
> > the UAC-crippled admin's token based on a fixed internal list, totally
> > ignorant of changes in the security policy.
>
> This is a design flaw but it is working as documented. Administrators have
> SeCreateSymbolicLinkPrivilege by default so UAC removes it. What UAC
> should
> do in my opinion is not remove a static list of permissions but only
> remove those permissions that are not granted to standard users.
ACK.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
More information about the Cygwin
mailing list