This is the mail archive of the
mailing list for the Cygwin project.
Re: admin privileges when logging in by ssh?
On Oct 15 13:32, Andrew Schulman wrote:
> > On Oct 14 21:14, Corinna Vinschen wrote:
> > I applied a patch to CVS which should solve this problem in a generic
> > way. I observed how Windows handles the privileges when creating a
> > token and your scenario should be nicely covered now. I also dropped a
> > somewhat dangerous behaviour in terms of security when creating a token
> > from scratch.
> Thank you. I'll test the next snapshot and let you know how it goes.
> You said that Cygwin should only set the high mandatory level if the token
> contains certain privileges. So I guess that SeBackupPrivilege and
> SeRestorePrivilege are among the ones that trigger the high mandatory
> level? Anything more we should know about that?
By simply trying them out, I created a list of the privileges which
trigger the high integrity level requirement. See, for instance,
For the security related change, see the second patch snippet in
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader cygwin AT cygwin DOT com
Problem reports: http://cygwin.com/problems.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple