This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: admin privileges when logging in by ssh?

On Oct 15 13:32, Andrew Schulman wrote:
> > On Oct 14 21:14, Corinna Vinschen wrote:
> > I applied a patch to CVS which should solve this problem in a generic
> > way.  I observed how Windows handles the privileges when creating a
> > token and your scenario should be nicely covered now.  I also dropped a
> > somewhat dangerous behaviour in terms of security when creating a token
> > from scratch.
> Thank you.  I'll test the next snapshot and let you know how it goes.
> You said that Cygwin should only set the high mandatory level if the token
> contains certain privileges.  So I guess that SeBackupPrivilege and
> SeRestorePrivilege are among the ones that trigger the high mandatory
> level?  Anything more we should know about that?

By simply trying them out, I created a list of the privileges which
trigger the high integrity level requirement.  See, for instance,
For the security related change, see the second patch snippet in


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

Problem reports:
Unsubscribe info:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]